On 31 May 2022, the Italian Parliament approved Law 62/2022, also known as the Sunshine Act.  The Sunshine Act entered into force on 26 June 2022.  However, it will become fully enforceable once the Ministry of Health sets up the Public Register where companies will have to disclose their data and issues the necessary implementing acts.  This means that realistically the new transparency system will not be operational before 2023.  Nonetheless, it is critical that companies operating in Italy make sure that they are ready when the time comes.  Here, we outline some of the key features of the new Sunshine Act and the steps that companies could take in preparation.

Main differences with the transparency rules of the industry codes

Prior to the approval of the Sunshine Act, only member companies of trade associations, such as Farmindustria or Confindustria Dispositivi Medici, were under the obligation to disclose the transfers of value made to healthcare professionals (“HCP”) and organizations (“HCO”).  Non-member companies of those trade associations had no corresponding obligation, although many of those companies disclosed their transfers on a voluntary basis, following the provisions of the trade associations’ Codes of Ethics as best practice.

Now, all pharmaceutical companies operating in Italy will be under the obligation to disclose those transfers of value.  In particular, the Sunshine Act applies to any subject which directly or indirectly exercises an activity “aimed at the production or the placing on the market of pharmaceutical products, devices, instruments, goods and services, even of a non-health nature that can be marketed in the context of human and veterinary health”. 

According to the Sunshine Act, companies must report and disclose all their transfers of value, without exclusions.  This means that categories of transfers such as those for promotional materials, meals and medical samples, which are exempted under the industry codes, will also have to be disclosed under the Sunshine Act, provided they exceed a fixed threshold.

Additionally, the industry codes provide for the possibility of disclosing data on transfers in an aggregate form, rather than individually, in two circumstances: when collecting individual consent would not be possible or when the transfer concerns R&D expenses.  The Sunshine Act, however, excludes this option and requires companies to always disclose their transfers on an individual basis.

Transparency obligations under the Sunshine Act: the who, what, when, where and how

Under the Sunshine Act companies operating in Italy that produce or market medicinal products in Italy are in scope of the new transparency obligations.  Arguably, the Sunshine Act has a broad scope of application.  However, it is possible that, for example, a company manufacturing products which are still in the clinical investigation phase would not fall under that definition, as those products could not be considered as produced or placed on the market.

In any event, companies are required to disclose three distinct categories of transfers:

  1. Every semester – Transfers of money, goods, services or other benefits (“ToV”) occurred in the preceding semester and made to: (i) an HCP – when the individual value of the transfer exceeds €100 or the annual overall amount exceeds €1,000; and (ii) an HCO – when the individual value of the transfer exceeds €1,000 or the annual overall amount exceeds €2,500.
  2. Every semester – Agreements with HCP and HCO providing them with direct or indirect benefits “consisting of participation in conferences, training events, committees, commissions, advisory bodies or scientific committees or the establishment of consulting, teaching or research relationships” (“Agreements”) that have been stipulated with them in the preceding semester.
  3. By 31 January of each year – The details of those HCPs and HCOs that (i) holds quotas, shares or bonds in the company (“Shares”), or (ii) received fees from the company for the economic exploitation of their intellectual property licenses (“Licenses”), in the previous year.

Companies must disclose their transfers on a dedicated online database, publicly accessible, that will be set up and managed by the Ministry of Health within 6 months following the entry into force of the Sunshine Act (i.e., by 26 December 2022).  The database will be called “Sanità Trasparente”, will be composed of distinct sections for ToV, Agreements, Shares and Licenses, and will also include a section, equally public, for sanctions imposed on companies that are found in violation of the transparency obligations.  The data stored on the database (with the exception of sanctions) could be freely searched and sorted by the public for at least 5 years following publication. 

Finally, within 3 months from the entry into force of the Sunshine Act, the Ministry of Health in collaboration with the Agency for Digital Italy (AgID), the National Anticorruption Authority (ANAC) and, most importantly, the Italian Data Protection Authority (Garante Privacy), will decide on the structure of the database Sanità Trasparente, including its technical features and the procedure through which companies will submit their data online.  In practice, the system is set to incorporate privacy features by design and by default.

This means that, if the Ministry of Health sets up the database within the proposed timeframe, companies will have to disclose:

  • from the second semester of 2023, the ToV and the Agreements for the first semester of 2023;
  • from 31 January 2024, the Shares and Licenses for the year 2023.

As anticipated, the data that companies will have to disclose on the basis of the above will have to be disclosed exclusively on an individual basis.  To this end, the Sunshine Act establishes that privacy consent is considered provided at the moment when the HCP or HCO accepts the ToV or signs the Agreements or obtains the Shares or the Licenses.  Because the Sunshine Act rejects entirely the disclosure in an aggregate form, the R&D expenses will be disclosed as well on an individual basis and, arguably, with the data on Agreements.

Even though HCP or HCO consent is automatically provided, companies are still under the obligation to inform them of the disclosure by providing them with a privacy notice that must clarify, at a minimum, that their data will be published on the Ministry’s database Sanità Trasparente and their rights to lodge a complaint.

Enforceability of the Sunshine Act

Companies that do not comply with the transparency obligations of the Sunshine Act may incur in severe fines for each of the non-reported transfers.  For example, if a company omits to report a ToV, it may receive a fine of €1,000 increased by 20 times the amount of the non-reported ToV.  Non-complying companies would also face reputational damages.  As a matter of fact, fines also will be made public and freely searchable on the database Sanità Trasparente for at least 90 days following their publication.

Finally, the Sunshine Act provides that every individual may inform the Ministry of Health that a company is violating its transparency obligations.  Indeed, the Sunshine Act establishes that a violation of the transparency obligations constitutes a ground for whistleblowing reports. 

Critical steps that companies could take to get ready

Companies may make use of the transitional time preceding the full implementation of the Sunshine Act to get ready for what is to come.  Here are five steps we suggest companies could take:

Step 1: Review their internal policies, including those on the interactions with HCPs and HCOs and on disclosure of relations with pharmaceutical companies.

Step 2: Review their existing template agreements and implement the necessary changes.

Step 3: Review their privacy notices and draft or amend their existing notices to take into account the information obligation of the Sunshine Act.

Step 4: Establish an internal monitoring mechanism ensuring compliance with the collection and submission obligations of the Sunshine Act.

Step 5: Deliver awareness training to those in charge of the relevant internal functions.


If you have questions, please contact us.  This article is intended to provide general information about legal developments.  Its content does not constitute legal advice.

Photo of Dr. Dr. Adem Koyuncu Dr. Dr. Adem Koyuncu

Adem Koyuncu is double qualified as a lawyer and medical doctor and a partner in our Brussels and Frankfurt office. He is a chair of the firm’s “Food, Drug & Device” practice group and also a member of our Compliance practice. Adem is…

Adem Koyuncu is double qualified as a lawyer and medical doctor and a partner in our Brussels and Frankfurt office. He is a chair of the firm’s “Food, Drug & Device” practice group and also a member of our Compliance practice. Adem is recognized as a “leading lawyer for pharma and medical devices law” (JUVE 2021).

Adem helps clients on a wide range of EU and German law issues, including regulatory, compliance, privacy and liability matters. He also provides strategic advice. He knows the life sciences sector also from his earlier work in the pharmaceutical industry and as a medical doctor. He represents clients before courts and authorities and assists them in contract negotiations, investigations and transactions. For years, Adem is listed in various lawyer rankings.

See some Accolades from Clients and Surveys:

  • “He is one of the most detail-oriented and client-focused partners I have ever encountered.” (Client, Chambers 2021)
  • „Great professional and human competence, good team player.“ (Client/Adverse Party, JUVE 2022)
  • “I find him to be one of the most pragmatic regulatory lawyers. He was a doctor before a lawyer, has been in-house, worked on lots of stuff that I have to handle in-house, which helps when getting advice. He is really good at saying it’s a complex situation and your best option is to do this.” (Chambers 2022)
  • “He always comes through with extremely helpful advice. He brings a unique understanding and experience to his practice as both a lawyer and medical doctor.” (Chambers 2021)
  • “Adem Koyuncu is not only a lawyer but also a doctor and has worked in industry. He knows the perspectives that also move in-house lawyers.” (Legal 500 2022)
  • “He is very sharp and quick, while at the same time having a good sense of humor and nerves of steel. Very pleasant to work with.” (Legal 500 2022)
  • He is described as “versatile competent, reliable and high quality” (JUVE 2021) and “incredibly fast.” (JUVE 2018)
  • Provides advice at “an outstanding level.” (Legal 500 2015)
  • “Very strong negotiation skills.” (JUVE 2011)
  • Clients appreciate his “very broad knowledge and long-standing expertise” (JUVE 2021/22) and that “he is approachable, knowledgeable and really easy to talk to over the various issues. He is calm and has seen most problems before.” (Chambers 2020)
  • Peer lawyers described him as “highly competent” and a “very good and pleasant lawyer” (JUVE 2014) and as “the off-label-guru, substantively very good, creative.“ (JUVE 2022)

Adem is the author of numerous publications (e.g., in leading books on pharma law, product liability and clinical trials) and frequent speaker at different events. As such, he will soon speak at following events:

  • “Medical Device Liability and Risk Transfer 2.0 | A liability issue for the Management?!,” BVMed, Webinar (3/24/2023)
  • “Data Protection Requirements and Open Issues in the Pharma Sector – Status quo,” Speech at conference, 26. Marburger Gespräche zum Pharmarecht, Marburg (3/16/2023)
  • “Vendor Oversight & Vendor (Quality) Management in the Pharma Industry,” FORUM-Institut, Online Seminar (4/19/2023)