Commercial contracts: how to (re)negotiate in light of Covid-19



The current emergency situation and the containment measures issued in the last month led to severe limitations on the operation of companies and commercial activities, thus leading to delays or even to the impossibility of fulfilling contractual obligations. Moreover, the pandemic, that can be qualified as an unforeseeable and extraordinary event, assumes relevance as a factor that could lead to an alteration of the contractual balance.

Our professionals, constantly updated, have been questioning themselves about the remedies available to operators and companies both for agreements currently in force and for agreements still under negotiation.

For agreements currently in force between the parties, in particular for long term agreements, the principle of contractual fairness and good faith, in force under Italian law, plays a fundamental role, which shall allow the parties to renegotiate the contents and the mutual obligations, in order to avoid the termination of the agreement.

With reference, instead, to the agreement that are currently being negotiated and stipulated, greater attention shall have to be paid to their contents, in particular through the provision of specific 'Covid-19' clauses, by which, in principle, the parties acknowledge the existence of the issue, and by accepting it, they are obliged to renegotiate the agreement if the health emergency should persist in the medium-long term.

The attention paid to these problems can be observed in light of Article 91 of the so called “Cura Italia” Decree, which is a provision of considerable interest. Indeed, Article 91 provides that compliance with the containment measures implemented in order to face the Covid-19 shall always be considered for the purpose of excluding the debtor’s liability for failure or late performance of its due obligation.

Moreover, in order to protect Italian companies, with particular regard to their international relations, due consideration shall be given to the possibility of including, at the time of the conversion in Law of the “Cura Italia” Decree or in the decree scheduled for April 2020, a provision aiming at protecting export activities, which shall provide that the progressive restrictions (up to the closure) of many economic activities and the limitations on the movement of employees and collaborators may integrate a "force majeure event", such as to exclude the supplier's liability in the event of failure or delay in fulfilling its contractual obligations.

In the meantime, in line with the practice of other foreign legal systems, including the Chinese one, in order to deal with the health emergency also from an economic and commercial point of view, the MISE (Ministry of Economic Development) issued a measure on March 25, 2020 (link) authorizing the Chambers of Commerce and UNIONCAMERE to issue certificates in English attesting the declarations of companies regarding the existence of force majeure causes due to the Covid-19 emergency. Such certificates could prove to be very useful especially in international contracts and litigation.

Certificates are expected to be issued by each chamber.

For further information, please contact Carlo Impalà, Partner (

Morri Rossetti editing the ICLG concerning Data Protection for the Italian section



The Firm informs you that Carlo Impalà – our Head of the TMT and Data Protection Dept. – has contributed to the Italian section of the prestigious “ICLG International Comparative Legal Guide” on cross-border Data Protection regulations (attached for your ease of reference, or available at

The purpose of the guide is to provide a practical insight on data protection regulations worldwide.

ICLG, published by Global Legal Group, is a comparative guide which analyzes 50 different legal areas in 188 jurisdictions.

The document contains the answers to a series of questions aimed at helping the reader to navigate and understand regulations in different countries, thus making them easier to comprehend.

To consult the free guide, click here or download the pdf attached.



Labour law

Dear All,

during 2018, in Italy, the new Government proposed a lot of changing about our labour law: in particular, about fixed-term contracts, staff agencies contract, individual dismissal.

With the attached newsletter, we offer a brief overview!

Please, don’t hesitate to contact us for more information and, moreover, for all assistance about labour law and industrial relation you may need.

We wish you a Merry Christmas and a Happy New Year!!

Giovanni A. Osnago Gadda

The new Italian data protection legislation saves the former Privacy Code adapting it to the changes introduced by the GDPR


TMT and Data Protection

On August 10, 2018, the Italian Legislative Decree no. 101/2018 (the “Legislative Decree”) adapting the Italian data protection legislation previously in force to the General Data Protection Regulation (“GDPR”) has been finally approved – after a long waiting period – and will come into force on September 19, 2018.

The Italian legislator has decided to provide for a partial and not a total repeal of the former Legislative Decree 196/2003, known as “Privacy Code”, keeping the provisions of the Privacy Code already aligned to the content of the GDPR.

Here below a summary of the key provisions of the Legislative Decree no. 101/2018:

  • administrative sanctions (article 22, §13): for the first 8 months starting from the date of entry into force of the Legislative Decree, the Italian Data Protection Authority will adopt a gradual approach in applying the administrative sanctions – in so far as it is compatible with the provisions of GDPR – in view of the fact that this will be the first application phase of the sanctions;
  • criminal sanctions for infringement of data protection rules (articles 167 bis and 167 ter): the Legislative Decree confirms the importance of the criminal sanctions provided for by the Privacy Code and introduces new types of criminal offence (g. the unlawful disclosure and diffusion of personal data processed on large scale and fraudulent acquisition of personal data processed on large scale). In particular, the unlawful disclosure and dissemination of personal data processed on large scale consists of communication or diffusion of an automated data file, or a substantial part thereof, containing personal data being processed on a large scale in order to achieve a profit for themselves or others or in order to cause damage to third parties; the fraudulent acquisition of personal data processed on large scale consists of the acquisition by fraudulent means of an automated data file or a substantial part thereof, containing personal data being processed on a large scale. Both offences are punished with the sanction of the imprisonment (for a period of between one and six years in case of unlawful disclosure and diffusion of personal data on large scale, and between one to four years in case of fraudulent acquisition of personal data on large scale);
  • data concerning health, biometric data, genetic data (article 6): in continuity with the significant practice of the Italian Data Protection Authority (one of the most productive in EU), the processing of such kind of personal data will be carried out in accordance with the safeguard measures enacted by the same Authority every two years. This provision is of key importance for companies processing special categories of data relying on previous authorizations pursuant to the Privacy Code. Indeed, these companies will need to take into account the safeguard measures provided by the Data Protection Authority when processing these data;
  • children’s consent (article 2 quinquies): the Legislative Decree reduces to 14 years the minimum age for giving a legitimated and autonomous consent in relation to the offer of the information society services directly to children. Where children are below the age of 14 years, such processing is lawful to the extent that consent is given or authorized by the holder of parental responsibility;
  • simplified modalities of compliance with the GDPR for small and medium-sized enterprises (article 154 bis,§4): the Italian Data Protection Authority will promote through guidelines simplified measures for SMEs to comply with the GDPR;
  • codes of ethics and general authorizations (Articles 20 and 21): the previous provisions of the code of ethics will continue to produce effects until the approval’s procedure conducted by the Italian Data Protection Authority, while in relation to the general authorizations provided for by the previous Privacy Code the Legislative Decree draw a distinction. The general authorizations on matters delegated by the GDPR to the Member States regarding data processing necessary for compliance with a legal obligation to which the controller is subject or for a performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (specifically pursuant to Articles 6.1 (c) and (e) and 9.2 (b) and (4) as well as Chapter IX of the GDPR) are subject to a verification procedure of compatibility with the GDPR, and they will apply until the publication of an order by the Italian Data Protection Authority. Whereas, the other general authorizations other than those indicated above will cease to produce effects from the date of entry into force of the Legislative Decree.

What happens with the pending proceedings before the Italian Data Protection Authority at the date of 25 May 2018 (date of application of the GDPR)? The Legislative Decree establishes a simplified procedure to define them, by paying two-fifths of the sanction provided for by the former Privacy Code within 90 days from the date of entry into force of the Legislative Decree.

In the light of the above, we suggest the companies to take into serious account the new provisions of the Italian data protection legislation that integrate those provided by GDPR. Indeed, not only these provisions are mandatory but they also clarify and simplify many of the fulfilments introduced by the GDPR. Therefore, in order to achieve a full compliance with the applicable data protection legislation it is necessary that the adaptation process to the GDPR already carried out by the companies before the 25 May 2018 will also take in due account the further provisions of the Legislative Decree no. 101/2018 as well as the clarifications, guidelines and measures that will be issued by the Italian Data Protection Authority in the near future on the basis of the Legislative Decree.

For further information, please contact Carlo Impalà (, Head of the Digital-ICT and Data protection team.



General and alert


Legal notices

I, the undersigned, having read the privacy notice available via this link in its entirety, I consent, by sending the request for subscription, to the processing of my personal data for the purposes referred to in § 4 section C, for the subscription to the mailing list of Morri Rossetti in order to receive information and/or commercial communications.

Accept terms and conditions