
Italian Law 231: The criminal liability of organisations

Stefano Pipitone explaining Italian Law 231.


Italian Legislative Decree No. 231/2001 has revolutionised the regime of liability for organisations. Criminal liability for an unlawful offence is no longer the exclusive prerogative of the individual person in Italy. 

The new regulation, introduced by Legislative Decree no. 231/2001 (Law 231), has in fact extended the liability to legal entities such as companies, corporations, associations, and clubs. These can now be solely responsible for crimes committed by their employees, management, or stakeholders.

Law 231 provides a sanctioning system which, if an organisation is convicted, could lead to severe penalties, both of an economic nature (penalties from €24,700 up to over €1,500,000) and/or of a prohibitive nature. Examples of this second type of penalty include disqualification from continuing to exercise the activity, not being permitted a contract with public administration, suspension or revocation of authorisations or licenses, exclusion from financial benefits or contributions, a ban on advertising of goods or services, or a seizure or confiscation of the profit attributed to the crime.

These restrictive sanctions certainly represent the most critical elements of the law, especially for companies whose business is mainly focused on relations with Public Administration. 

Let us explain Law 231

It is Law 231 that has introduced the “Administrative Responsibility of legal entities” in Italy.

Although formally defined as ‘administrative’, it actually relates to all forms of criminal liability, both from a substantive point of view (the prerequisite is in fact the commission of the crime) and from a procedural one (by express reference to the Code of Criminal Procedure for the criminal investigation made by the public prosecutor and for the trial in front of the court).

In accordance with the regulations dictated by Law 231, an organisation may be charged with autonomous liability for a crime if it relates to any of these three criteria.

First: the nature of the alleged crime that is committed

Law 231 provides a precise (exhaustive) list of crimes that a company can be liable for. In its initial configuration, the law was focused on the prevention and repression of corruption. However, today, a large number of legislative additions have led to a significant extension of the list of alleged crimes.

To offer a picture of the aim of “Model 231”, it’s worth mentioning the main areas of offences that are relevant under Law 231:

  • Crimes against the Public Administration (corruption, embezzlement, fraud against the State or public administration, the EU, etc.) 
  • IT/computer related crimes and unlawful processing of data 
  • Organised criminal activity (criminal association with terrorist groups, drug trafficking, child exploitation) 
  • Forgery of coins, credit cards, etc 
  • Crimes against industry and commerce 
  • Corporate crimes (fake social communications, illegal distribution of profits, corruption between private parties) 
  • Offences against an individual person
  • Market abuse crimes 
  • Violation of the rules that protect safety and security of workers (injuries, manslaughter) 
  • Offences of receiving/managing stolen goods, money laundering, self-laundering 
  • Offences relating to copyright, IP, counterfeiting, etc 
  • Environmental crimes (environmental disaster, environmental destruction, sewage dumping, unauthorized waste disposal) 
  • Illegally employing third-country nationals 
  • Racism and xenophobia  
  • Fraud in sports competitions, gambling or illegal betting 
  • Tax crimes (fraudulent declaration, false invoices, concealment of accounting documents, fictitious formation of corporate capital) 
  • Human trafficking and border rights 

Second: the interest or benefit of the company

A mere act of crime being committed does not automatically take the company to a criminal trial.  

The alleged offence must be committed in the interest or for the benefit of the company. For example, think of a case where corruption has been used to close a contract or to win a tender, or a public officer is prevented from opening an investigation against a company. Or even when safety regulations are ignored to try to keep business costs down or speed up the production process. The list is extensive.

The central point is that the crime, to be relevant under Law 231, must be committed in the interest of the organisation or, at minimum, bring it an advantage. 

Third: the organisational model and supervisory body

An alleged crime being committed, that is assumed to be in the interest or for the benefit of an organisation, is a relevant but not sufficient criterion to assert liability under Law 231.

Liability is actually only applicable when the organisation involved has not equipped itself with a Model of Organisation, Governance and Control (MOGC), and has not appointed a special Supervisory Body (Organismo di Vigilanza – ODV).   

Even when there is an alleged crime, an organisation is legally exonerated from any criminal liability if it has adopted an MOGC model, and has appointed an ODV to supervise the efficiency and application of the model. 

The intention of the legislator is therefore to only sanction the “fault” of the organisations who have not equipped themselves with a virtuous organisational structure, aimed at preventing crimes from being committed. At the same time, the legislative mechanism avoids the risk of automatically blaming the organisation for a crime committed by its employees or managers.

The adoption of an effective MOGC model therefore fulfills the primary function of exoneration, a “protective shield” for an organisation from the liability of any crime that may be committed. 

The Supervisory Body, which is independent and autonomous from the corporate administration, has the task of supervising the effectiveness of the Model and verifying that it is in line with the activities and sensitive processes followed by the organisation. The supervision carried out by the ODV is crucial. In fact, the mere adoption of an MOGC model is not enough to relieve the company of any liability. 

The interpretative approach followed by the judiciary system today is increasingly oriented towards giving weight and value to the activities carried out by the ODV. It is no coincidence that the Italian Supreme Court has repeatedly reiterated that a company’s board members are personally answerable when they have failed to properly evaluate the opportunity to adopt an MOGC model to prevent crimes covered by Law 231.

The activity of the ODV has a deep relationship with whistleblowing, i.e. the system for reporting misconduct

Art. 6 of Law 231 expressly states that the MOGC model must provide adequate reporting channels through which to communicate illegal, irregular activities or violations of the Model. 

On this point, the EU has introduced Directive no. 1937/2019, which aims to harmonise the protection of those who ‘blow the whistle’ across the EU through the introduction of dedicated reporting channels, regulation of anonymous reports, protection of whistleblowers and the prohibition of retaliation.

Lastly, it cannot be overlooked that the presence of an MOGC model is positive for the reputation of a company and its ‘legality rating’, introduced by the Italian Competition Authority (A.G.C.M.). Well known in Italy, the legality rating is an indicator that the A.G.C.M. gives to companies who pay particular attention to the ethical management of their business. The recognition is translated externally through ‘legality stars’ (from 1 to 3).

In conclusion, the discipline introduced in Italy by Law 231 requires all organisations to make a serious and prudent assessment of the opportunity to equip themselves with a valid governance and control system which, in accordance with Law 231, provides them with a suitable solution to protect the company from the risk of committing crimes.

Article written by Stefano F. Pipitone, member of the Italian bar. Learn more about Stefano Pipitone at
