Large-scale probes into unlawful labor intermediation and VAT fraud in the logistics sector continued, with significant asset seizures, while public and private-sector corruption enforcement escalated. EPPO activity increased coordination of cross-border investigations.
Legislative reforms expanded the exposure of corporations to criminal investigation through new environmental predicate offenses, sanctions-related offenses and AI-related aggravations, with pending reforms to Decree 231.
Internal investigations face strict whistleblowing timelines, AI-enabled review expectations, multidisciplinary scrutiny, and privacy-by-design requirements, with courts demanding substantive remediation over paper compliance. Targeted sectors include fashion, construction, logistics, and retail, with 2026 pressure on third-party governance, AI risk controls, and trade sanctions compliance, alongside deepening EPPO enforcement.
Recent enforcement actions and legal reforms impacting Italian business operations
Enforcement risk for companies operating in Italy remained elevated through 2025. Several judicial administration measures (amministrazione giudiziaria) were applied to Italian subsidiaries of international luxury fashion brands for subcontracting production/work to suppliers that allegedly exploited workers. The measures provide for a court-appointed administrator who will oversee the companies’ operations to address the shortfalls in their supply chains.
Among others, the Milan Court appointed a judicial administrator for one year to the Italian subsidiary of a leading luxury fashion group following findings that outsourced production occurred in exploitative labor conditions, and to a major luxury group in footwear, leather goods, and apparel, alleging organizational shortcomings and control failures that negligently facilitated illicit exploitation of workers in the production chain. In both cases, there were no indictments for predicate crimes, but liability rested on the authorities’ view that governance gaps and weak oversight enabled serious third-party misconduct.
Authorities continued large-scale investigations into unlawful labor intermediation schemes and related tax fraud in the logistics and distribution sectors. Since 2021, the Milan Public Prosecutor’s Office has reportedly secured EUR434 million in seizures against several companies. One widely reported case in 2025 involved the Italian subsidiary of a global transportation company, where a EUR46m seizure was ordered in connection with alleged tax fraud through tiered intermediaries and cooperatives used as “filters” to supply low-cost labor, evading taxes and social contributions.
Corruption enforcement remained a priority across the public and private sectors. In June 2025, the Milan Public Prosecutor’s Office launched a major criminal investigation involving more than 70 individuals, including Milan’s mayor and several municipal officials, and seven real estate companies, in connection with building permits in Milan for new large construction sites. The investigation sparked huge uncertainty in the Milan real estate market.
The European Public Prosecutor’s Office (EPPO) sustained a high tempo of activity on complex financial and VAT fraud, increasing the likelihood of cross‑border evidence gathering and coordinated investigative measures.
Law reforms impacting corporate criminal liability
There has been, or is due to be, law reform in a number of high-profile areas such as environment, AI, compliance, supply chains, and sanctions.The list of environmental crimes that can trigger the quasi-criminal liability of entities under Legislative Decree No. 231/2001 expanded under the “Terra dei Fuochi” Legislative Decree to include failure to remediate, obstruction of oversight, unlawful burning of waste, and aggravated or newly articulated forms of illegal abandonment or shipment of waste. These reforms increase pecuniary sanctions, broaden grounds for disqualifying sanctions, and expand exposure for both principal operators and companies that rely on third parties for environmental matters.
Italy’s brand new AI Law, coordinated with the EU AI Act, introduced a general AI related aggravating circumstance applicable across several criminal offenses. These include several predicate offenses for quasi criminal corporate liability, and a specific one for insider trading and market manipulation when committed using AI systems, pushing firms toward stronger model governance, traceability, and controls that prevent and detect AI enabled misconduct.
A legislative decree implementing Directive (EU) 2024/1226 on criminal offenses and penalties for violations of EU restrictive measures was enacted to tackle intentional and negligent breaches of EU sanctions, including making available or failing to freeze funds or economic resources for sanctioned persons or entities, failing to report funds or resources of sanctioned persons to competent authorities within Italy, and serious negligence in the import/export, transfer, transit, or brokering of goods. For entities, these offenses become Decree 231 predicate crimes with turnover based fines or fixed amounts up to EUR40 million and disqualifying sanctions, requiring prompt updates to compliance frameworks.
Looking ahead, a structural reform of Legislative Decree No. 231/2001 is progressing through position papers and a parliamentary bill. Key themes include clarifying the concept of “[organizational] fault,” establishing more predictable criteria to assess adequacy of a company’s compliance program (the so-called Model 231), and strengthening incentives for self cleaning, cooperation, and probation. The reform aims (i) to extend Italian extraterritorial jurisdiction for offenses relevant under Decree 231 to entities registered in the EU or third countries, but operating in Italy through a permanent establishment or a structure lacking legal personality and (ii) to reinforce parent company concurrent liability for offenses committed by the subsidiary.
Finally, a fashion sector bill issued in October 2025 would introduce a certification system for supply chain compliance, envisaging annual audits on compliance with social security, tax, and labor laws throughout the production process—from lead contractors to subcontractors—and confirm the absence of criminal convictions or administrative sanctions against owners or directors. Contracts would need clauses ensuring subcontractor compliance, and certification would require adoption of an organizational model preventing labor exploitation offenses under Legislative Decree No. 231/2001.
Conduct of internal investigations
Several practical and legal shifts in 2025 materially changed expectations for how companies design and execute internal investigations.
Mandatory whistleblowing systems and time bound case handling now impose legal obligations to triage and investigate reports within defined timelines, raising the bar on investigation readiness for structured two-stage assessments: admissibility and risk, followed by fact-finding. Common challenges include complex preliminary reviews, resource constraints, and delays where business functions must perform fact checks or produce data. Formal procedures, targeted training, and external counsel engagement are increasingly essential for independent, specialized expertise, and legal privilege over sensitive analyses, interviews, and findings.
Technology acceleration, especially AI-assisted review, is reshaping first level document review in email and chat analytics, through models that iteratively predict relevance and can reduce document volumes before human review, accelerating timelines and lowering costs. This requires careful validation, appropriate sampling and quality control, and secure handling of sensitive data.
Data, privacy, and cross-border constraints require privacy by design in investigation protocols, including data minimization, lawful bases for processing, secure channels, and transfer mechanisms that withstand regulatory scrutiny.
Multi-disciplinary enforcement exposure has broadened the expertise needed in investigations, particularly in tax-related offenses and financial misconduct. In addition to Legal, Compliance, and Audit, companies increasingly rely on tax specialists and finance/accounting experts.
Courts have reinforced “substance over form.” Purely formal audit processes, without real capacity assessments, are discounted. Effective investigations must culminate in concrete corrective actions, clear accountability for implementation, and measurable follow up.
Sectors targeted by law reforms or criminal enforcement action
Authorities appear to remain focused on the fashion and luxury and logistics sectors, with preventive measures issued by the Milan Court indicating sustained scrutiny through 2026 of subcontracting chains and organizational safeguards against illicit externalization of labor. Other targeted sectors include real estate and tech.
Criminal tax enforcement is active across the economy, with particular attention on false invoicing and VAT fraud. Construction, logistics, and retail should assume elevated risk and adjust controls accordingly, including diligence on third parties, verification of invoices and counterparties, and robust documentation of economic substance.
The new legislative decree on EU sanctions related crimes extends corporate exposure for companies importing or exporting goods or services, directly or indirectly. Firms should anticipate heightened expectations around sanctions screening, trade controls governance, and evidence of end use and counterparties, supported by oversight and escalation mechanisms calibrated to evolving risk.
Corruption remains a core focus, especially in procurement intensive sectors such as infrastructure, healthcare, and ICT. Companies that bid for, award, or participate in public tenders should treat inherent corruption risk as high and reinforce controls around conflict management, bid rigging detection, and third party integrity.
Cross-border coordinated investigation or enforcement activity
The European Public Prosecutor’s Office in Italy advanced multiple 2025 investigations into VAT fraud, customs evasion, and cross border corruption, signaling coordinated enforcement that will extend into 2026.
In Bologna, EPPO ordered a search and seizure over 2.2 million meters of fabric, documentation, and electronic devices in a customs fraud case, concerning fake suppliers, buyers, and delivery addresses to import goods from China to Italy while avoiding customs duties and VAT.
EPPO directed searches and preventive seizures in Rome and Brescia for a EUR17m VAT fraud involving electronic goods. Authorities placed a “de facto” manager under house arrest and barred three strawmen from business management. Preventive seizures totaled over EUR17.7m across bank accounts, cash, vehicles, motorcycles, luxury watches, and other assets.
In Venice, EPPO named six suspects, including three Bosnian officials, in cross border corruption tied to a EUR4m consultancy within a EUR340m motorway project financed by the EIB and Bosnia, alleging procurement manipulation to benefit an Italian firm.
Predictions for 2026
- Tax/VAT fraud and EPPO driven cross border cases will remain central. Large scale VAT fraud, false invoicing, missing trader schemes, and customs evasion will continue to attract coordinated searches, seizures, and evidence gathering across EU Member States. In house teams should anticipate multi jurisdictional measures, parallel proceedings, and rapid asset restraints, integrating tax and accounting expertise into case teams and ensuring early readiness for data, privilege, and dawn raid protocols.
- Supply chain accountability and labor exploitation enforcement will persist, especially in sectors reliant on outsourced production. Judicial administration and preventive measures will target negligent oversight in subcontracting chains. Fashion and luxury, construction, logistics, and retail face heightened risk where unlawful labor intermediation, social security or tax evasion, or HSE breaches emerge from weak third party governance. Certification regimes and mandatory contractual clauses are likely to increase, resulting in operational burden across procurement, finance, compliance, and legal.
- AI enabled misconduct will draw greater scrutiny, pushing firms to address model governance, audit trails, access controls, and post incident reviews that map technical causation to control failures. Companies will need defensible documentation and monitoring to demonstrate effective prevention and detection of AI assisted misconduct.
- Environmental compliance standards will rise. Expanded environmental predicate offenses and persistent enforcement interest in waste management and related corruption will require more rigorous due diligence, contractor oversight, and remediation planning, with clearer accountability and metrics to demonstrate control effectiveness.
On the horizon
- Governance and compliance expectations will shift decisively from whether programs exist to whether they demonstrably work. Regulators are increasingly skeptical of “paper compliance” and will expect tangible, risk mitigating outcomes. In house teams should strengthen not only controls but their documentation—supplier audits, investigation records, corrective actions, disciplinary outcomes, and training evidence. Third party governance will become a baseline expectation, including: structured onboarding and periodic requalification of suppliers; rigorous contracts with clauses addressing labor, tax, social security, and HSE obligations; and robust on site inspections. Assurance programs will move toward risk segmented plans and data driven testing rather than uniform, one size fits all auditing.
- Internal investigations will be judged on effectiveness and remediation. Case law shifts away from “tick the box” approaches meaning that investigations should identify root causes and specific weaknesses in the control system and drive concrete, timely corrective actions.
- Sanctions and trade controls will expand the perimeter of corporate liability. The recent implementation of offenses for violations of EU restrictive measures will raise adequacy and effectiveness requirements. While the exculpatory mechanism grounded in a robust Model 231, an active Supervisory Body, training, and monitoring will remain, the sanctions perimeter will span export supply chains, finance, logistics, procurement, and professional services. Companies must embed sanctions and export controls into Model 231 through end-to-end integration, supported by tailored risk assessments segmented by country, products/services, sales channels, and counterparties.
Directory quotes
- “A&O Shearman has a distinguished practice in white-collar crime, compliance and investigations, which is characterized by several unique aspects, such as its global reach, an integrated approach and advanced technological capabilities.”—Legal 500 2025 (Compliance: Italy)
- “The team comprises expert professionals with extensive experience in handling complex white-collar crime and investigation cases.”—Legal 500 2025 (Compliance: Italy)
Francesca Petronio, Partner
- Francesca Petronio awarded as Litigation— Lawyer of the Year Legal Community Awards 2024
- “Francesca Petronio is an excellent professional. Her deep international experience and technical expertise make her a strategic point of reference for customers.”—Chambers & Partners Europe 2025 (Compliance: Italy)
Veronica Rossetti, Senior Associate
- “Veronica Rossetti has terrific expertise in compliance.”—Legal 500 2025 (Compliance: Italy)
This article is part of the A&O Shearman Cross-border white-collar crime and investigations review 2026.
