Smart Working Rules Italy 2026: Employer Obligations, Law No. 34/2026 and Sanctions

Last updated: 8 May 2026

The smart working rules Italy employers must follow changed significantly on 7 April 2026 when Law No. 34/2026 entered into force. The statute introduces mandatory annual written information notices, strengthened health and safety duties for home-office arrangements, tighter data-protection requirements, and a graduated sanctions framework that includes administrative fines and, in the most serious cases, criminal liability. This guide sets out every obligation, walks through the practical steps for updating contracts and policies, and maps the penalties employers face for non-compliance.

Executive Summary, What Employers Need to Know Now

Law No. 34/2026 replaces the lighter-touch framework that governed lavoro agile (smart working) since Law No. 81/2017. The core changes that demand immediate employer action are:

• Annual written information notice. Every employer must deliver a written document identifying general and specific risks of remote work, and the protective measures in place, to each smart worker and to the workplace health and safety representative (RLS), at least once per year.
• Updated individual agreements. Written smart-working agreements must now contain mandatory clauses covering working-time boundaries, right-to-disconnect windows, equipment responsibilities, data-protection protocols and health and safety obligations.
• Strengthened H&S duties. Employers must conduct a specific risk assessment for remote-work activities, including display-screen equipment, ergonomics and psychosocial risks, and document the results.
• New sanctions regime. Non-compliance triggers administrative fines, potential criminal exposure for serious H&S failures, and civil liability for damages suffered by employees.

Law No. 34/2026 at a Glance, Scope, Entry Into Force and Key Provisions

Law No. 34/2026 is the first comprehensive overhaul of Italy’s smart working framework since the concept was introduced by Law No. 81/2017. The statute was published in the Gazzetta Ufficiale and entered into force on 7 April 2026, giving employers no transitional grace period for most obligations.

Scope and Definitions, Smart Working vs Teleworking Under Remote Work Law Italy

The statute retains the existing legal definition of lavoro agile: a flexible mode of performing subordinate employment, carried out partly inside and partly outside the employer’s premises, without a fixed external workstation and within the limits of maximum daily and weekly working hours. It is critical to distinguish smart working from classical telelavoro (teleworking), which involves a fixed remote location and is governed by a separate regulatory framework (including the 2004 inter-confederal agreement). Law No. 34/2026 applies exclusively to lavoro agile arrangements, though industry observers expect that enforcement authorities will scrutinise employers who label arrangements as “telework” to circumvent the new obligations.

Territorial Scope and Applicability

The obligations created by Law No. 34/2026 apply to all employment relationships governed by Italian law and, more broadly, to any situation where the employee habitually performs work in Italy. Foreign employers with Italian-based staff, whether through a branch, a subsidiary or direct employment, must comply. Multinational groups with matrix reporting structures should review whether their Italian headcount triggers the new duties even where the employing entity is incorporated abroad.

Key Statutory Duties

The statute introduces or strengthens five categories of employer duty:

1. Execution and maintenance of compliant written individual agreements.
2. Delivery of an annual written information notice on remote-work risks and protective measures.
3. Completion of a remote-work-specific risk assessment under Legislative Decree No. 81/2008 (the consolidated H&S statute).
4. Adoption of data-protection and IT-security measures aligned with GDPR requirements for off-site processing.
5. Compliance with a new sanctions framework encompassing administrative fines and criminal penalties.

Employer Obligations Under Smart Working Rules Italy 2026, Contracts, Agreements and Documentation

Law No. 34/2026 significantly expands the contractual and documentary requirements for employer obligations in smart working arrangements. The statute mandates three distinct compliance layers: the individual written agreement, the annual information notice, and ongoing record-keeping.

Written Individual Agreements

Every smart-working arrangement must be underpinned by a written agreement between employer and employee. Under the new rules, these agreements must now include, at a minimum:

• Working-time parameters. Clear identification of daily and weekly working-time limits, core availability windows, and the right-to-disconnect period during which the employee cannot be required to respond to communications.
• Location parameters. Any restrictions on where the employee may work remotely (for security, insurance or tax reasons), including whether work from abroad is permitted.
• Equipment and expense responsibilities. Specification of who provides hardware, software and connectivity, and the mechanism for reimbursing employee-incurred costs.
• Health and safety commitments. A clause confirming the employer’s risk-assessment obligations and the employee’s duty to cooperate, including reporting unsafe conditions at the remote workstation.
• Data protection and confidentiality. Measures the employee must follow to protect personal data and business-confidential information when working outside the employer’s premises.
• Termination and reversion. Conditions under which either party may terminate the smart-working arrangement and revert to fully on-site work, including any notice periods.

Agreements already in place before 7 April 2026 must be reviewed and, where necessary, amended to incorporate these mandatory terms. The likely practical effect will be that employers need to issue addenda or replacement agreements rather than draft entirely new contracts.

Annual Written Information Notice

The most publicised innovation of Law No. 34/2026 is the mandatory annual written information notice. Employers must deliver this document to each smart worker, and to the Rappresentante dei Lavoratori per la Sicurezza (RLS), at least once every twelve months. The notice must identify:

• General risks associated with remote working (isolation, sedentary behaviour, blurred work-life boundaries).
• Specific risks related to the employee’s tasks and equipment (display-screen use, ergonomic hazards, electrical safety).
• The protective and preventive measures the employer has adopted to mitigate those risks.
• The employee’s own obligations to maintain a safe and suitable workspace.

INAIL guidance recommends that employers tailor this notice to individual roles rather than issuing a generic company-wide document. Early indications suggest that labour inspectors will review whether notices are genuinely role-specific during routine inspections.

Record Keeping and Reporting

Employers must retain copies of individual agreements, annual notices and risk-assessment documentation. Ministry of Labour reporting obligations, already in place for the electronic communication of smart-working agreements, continue unchanged. Employers should ensure that their HR information systems are configured to generate reminders for annual-notice renewal and to archive proof of delivery.

Health and Safety Obligations for Remote and Home-Office Work

Health and safety duties represent the most operationally demanding aspect of the smart working rules Italy employers must navigate under Law No. 34/2026. The statute integrates remote-work-specific obligations into the existing framework of Legislative Decree No. 81/2008, creating clear expectations for risk assessment, worker engagement and equipment management.

Risk Assessment Requirements

Employers must carry out, or update, a specific risk assessment (Documento di Valutazione dei Rischi, DVR) that addresses hazards unique to remote work. INAIL guidance identifies the following priority risk categories:

• Display-screen equipment (DSE). Eye strain, musculoskeletal disorders arising from prolonged screen use without appropriate monitor positioning or seating.
• Ergonomics. Inadequate workstation setup in home environments, desk height, chair quality, lighting conditions.
• Psychosocial risks. Social isolation, difficulty disconnecting, blurring of personal and professional time, techno-stress.
• Electrical and fire safety. Hazards associated with domestic electrical installations and the absence of commercial-grade fire-prevention systems.

The risk assessment must be documented in writing, reviewed at least annually and updated whenever there is a material change to the employee’s working arrangements or equipment.

Employer Procedural Steps, RLS Engagement and Annual Notices

Law No. 34/2026 requires employers to consult the RLS before finalising the remote-work section of the DVR. The RLS must also receive a copy of each annual written information notice. Employers with more than 15 employees that have not yet elected an RLS should take steps to facilitate that election, as the absence of an RLS does not relieve the employer of its consultation duty, in such cases, the territorial RLS (RLST) must be engaged.

Responsibilities for Equipment and Reimbursements

Where the employer provides equipment (laptops, monitors, ergonomic chairs), it remains responsible for ensuring that the equipment meets applicable safety standards. Where employees use their own devices (BYOD), the employer must still assess whether the equipment is suitable and may be required to reimburse reasonable costs incurred to achieve a compliant workstation. Applicable national collective bargaining agreements (CCNL) may contain sector-specific provisions on reimbursement amounts and methods; employers should check their applicable CCNL as well as any supplementary company-level agreements.

Data Protection, IT Security and Equipment Responsibilities

Smart working Italy 2026 obligations extend well beyond employment law into the domain of data protection. Remote work creates new data-processing scenarios that employers must assess under the GDPR and under the guidance of the Garante per la protezione dei dati personali (the Italian Data Protection Authority).

GDPR Implications and DPIA Triggers for Remote Work

When employees access personal data or business-critical systems from outside the corporate network, the risk profile changes. Employers should consider whether a Data Protection Impact Assessment (DPIA) is required under Article 35 of the GDPR, particularly where:

• Employees process special-category data (health data, biometric data) from home.
• New monitoring technologies are deployed to track remote-worker activity.
• Large-scale data transfers occur over domestic internet connections without enterprise-grade encryption.

The Garante has emphasised that employee monitoring must comply with Article 4 of the Workers’ Statute (Law No. 300/1970) and that any monitoring tool must be agreed with trade union representatives or authorised by the labour inspectorate before deployment.

Device Management, BYOD vs Employer-Provided Equipment

Employers face a practical choice between issuing corporate devices and permitting BYOD. Each model carries different compliance implications:

• Employer-provided devices. Easier to enforce encryption, endpoint protection, patch management and remote-wipe capabilities. The employer bears full cost but retains control.
• BYOD. Requires a written BYOD policy specifying minimum security standards, the employer’s right to install mobile device management (MDM) software, and the segregation of personal and corporate data. Employees must consent to these conditions.

Practical Controls and Policy Clauses

A compliant IT framework for smart working should include:

• Mandatory VPN or zero-trust network access for all remote connections.
• Multi-factor authentication for corporate applications.
• Disk-level encryption on all devices used to access company systems.
• Clear incident-reporting procedures for data breaches occurring outside the office.
• Contractual clauses in the individual smart-working agreement requiring the employee to comply with the IT-security policy and to report breaches immediately.

HR and IT departments should coordinate to ensure that the data and compliance infrastructure supporting pay transparency and other regulatory reporting obligations is equally robust for remote-access scenarios.

Drafting a Hybrid Work Policy Italy, Updating Employment Contracts Step by Step

Moving from legal obligation to practical implementation requires a structured workflow. The following step-by-step approach is designed for HR directors, general counsel and business owners updating their hybrid work policy Italy framework under Law No. 34/2026.

Policy Update Workflow

1. Legal review. Map every obligation in Law No. 34/2026 against existing policies, individual agreements and collective bargaining provisions. Identify gaps.
2. H&S risk mapping. Commission or refresh the remote-work-specific risk assessment. Engage the RSPP, the Competent Doctor and the RLS.
3. Contract and clause updates. Draft addenda or replacement clauses for individual smart-working agreements. Prepare template clauses for new hires.
4. IT and data-protection controls. Coordinate with the DPO and IT security team to implement or verify technical safeguards. Complete a DPIA where required.
5. Communication and training. Roll out the updated policy to all affected employees. Deliver targeted training on remote-work risks, the right to disconnect and data-security obligations.
6. Monitor and document. Establish a compliance calendar with annual-notice deadlines, DVR review dates and training-renewal triggers. Archive all documentation centrally.

Suggested Hybrid Policy Structure

A compliant smart-working policy should contain the following sections as a minimum:

• Scope and eligibility. Which roles are eligible; any operational exclusions.
• Working-time and right to disconnect. Core availability hours; no-contact windows; overtime rules.
• Equipment and expenses. What the employer provides; reimbursement mechanism; BYOD conditions.
• Health and safety. Employee’s duty to maintain a safe workspace; employer’s risk-assessment programme; how to report hazards.
• Data protection and IT security. VPN use; device encryption; incident reporting; monitoring disclosures.
• Performance management. How output and objectives are assessed remotely; prohibition of time-based surveillance as sole metric.
• Disciplinary framework. Consequences of policy breaches; procedural safeguards; link to applicable CCNL disciplinary code.

Sample Redline Clauses

The following illustrative clauses can be adapted into individual agreements or policy documents:

• Right to disconnect. “The Employee shall not be required to read, respond to or act upon work-related communications between [20:00] and [08:00] on working days and at any time on rest days, except in cases of genuine operational emergency as defined in the Company’s emergency-response protocol.”
• Annual information notice. “The Employer shall deliver to the Employee, and to the RLS, a written notice at least once every twelve months identifying the general and specific risks associated with the Employee’s remote-working activities and the protective measures in place.”
• Equipment and expenses. “The Employer shall provide the Employee with a laptop computer, external monitor and ergonomic keyboard. The Employee shall be entitled to reimbursement of documented connectivity costs up to a maximum of €[X] per month, payable quarterly in arrears.”
• Data-security obligations. “The Employee shall access Company systems exclusively through the authorised VPN connection, shall not store Company data on personal devices unless expressly permitted by the IT Security Policy, and shall report any suspected data breach to [DPO email] within 24 hours of becoming aware of the incident.”

Employers operating in sectors covered by specific collective agreements should cross-check these clauses against their applicable CCNL provisions. Broader trends in labour rights and gig-worker protections may also inform how flexible-work arrangements are structured.

Smart Working Sanctions Italy, Enforcement, Fines and Criminal Risk

The sanctions framework introduced by Law No. 34/2026 is the sharpest departure from the prior regime. Employers that fail to comply with the new smart working rules Italy face a tiered system of administrative, criminal and civil consequences.

Practical Mitigation and Remediation Steps

Employers that identify compliance gaps should prioritise the following mitigation actions:

• Immediate delivery of annual notices. Even if overdue, delivering the notice promptly demonstrates good faith and may reduce the quantum of any fine.
• Gap-analysis documentation. Prepare a written record of the compliance review, including identified gaps and remediation timelines. This can serve as evidence of diligent effort if an inspection occurs during the remediation period.
• Legal counsel engagement. Complex situations, especially those involving cross-border arrangements, collective bargaining constraints or prior INAIL claims, warrant specialist advice.

Litigation Risk and Employee Claims

Beyond regulatory enforcement, employers face exposure to civil claims by employees who suffer injury or illness attributable to non-compliant smart-working conditions. Industry observers expect that the most common dispute scenarios will include:

• Musculoskeletal injury claims linked to inadequate workstation assessments.
• Stress-related claims arising from failure to enforce the right to disconnect.
• Privacy claims based on unlawful monitoring of remote-worker activity.

Employers with operations in Italy who are also navigating other compliance reforms, such as recent changes to residential lease frameworks relevant to employer-provided housing, should consider a holistic legal review.

Smart Working Compliance Checklist and Implementation Timetable

The following ten-point checklist consolidates every employer action required under Law No. 34/2026 into a single implementation roadmap. Industry observers recommend completing all items within 90 days of the statute’s entry into force.

1. Deliver annual written information notices to every smart worker and the RLS. Owner: HR / HSE. Deadline: Immediate.
2. Audit existing individual agreements against the new mandatory-content requirements. Owner: Legal / HR. Deadline: Day 30.
3. Draft addenda or replacement agreements incorporating all mandatory clauses. Owner: Legal. Deadline: Day 45.
4. Commission or update the remote-work-specific risk assessment (DVR). Owner: RSPP / HSE Manager. Deadline: Day 60.
5. Consult the RLS on the updated DVR section and document the consultation. Owner: RSPP. Deadline: Day 60.
6. Verify or replace employee equipment to ensure compliance with DSE and ergonomic standards. Owner: IT / Procurement. Deadline: Day 75.
7. Complete a DPIA where remote-working arrangements create new high-risk data-processing activities. Owner: DPO. Deadline: Day 75.
8. Update the hybrid work policy and circulate to all employees with acknowledgement receipt. Owner: HR. Deadline: Day 80.
9. Deliver targeted training on remote-work risks, right to disconnect and data-security obligations. Owner: HR / HSE. Deadline: Day 90.
10. Set up a compliance calendar with recurring reminders for annual notices, DVR reviews and training renewals. Owner: HR. Deadline: Day 90.

Employers looking for additional guidance on engaging Italian labour-law practitioners can consult the Global Law Experts lawyer directory to connect with specialists.

Conclusion

The smart working rules Italy employers face under Law No. 34/2026 demand prompt, structured action. The three non-negotiable immediate steps are: delivering the annual written information notice to every smart worker and the RLS; reviewing and updating individual smart-working agreements to incorporate all mandatory clauses; and commissioning a remote-work-specific risk assessment. Employers that move quickly to close compliance gaps will not only avoid the statute’s sanctions framework but will also build a more defensible, transparent and productive remote-work programme. Those operating in Italy’s evolving regulatory landscape, including the parallel reforms around pay transparency, should treat 2026 as the year to future-proof their employment-law compliance infrastructure.

This article is provided for general informational purposes only and does not constitute legal advice. Employers should seek qualified legal counsel before acting on any of the matters discussed.

Sources

1. Gazzetta Ufficiale, Law No. 34/2026
2. Italian Ministry of Labour and Social Policies
3. INAIL, National Institute for Insurance against Accidents at Work
4. K&L Gates, Smart Working: New Rules and Sanctions for Italian Employers
5. Il Sole 24 Ore
6. Hogan Lovells, Remote Work and Occupational Health and Safety
7. Garante per la protezione dei dati personali