ROME — An Italian administrative court has ruled that Italy’s recently-enacted age verification rules for adult content may not currently be enforced against sites based in other EU member states, pending further procedural action under the EU’s Directive on Electronic Commerce.
As XBIZ reported in November, Italian media regulator AGCOM announced last year that all sites and platforms hosting adult content would be required to implement age verification systems to prevent access by users under 18. Sites based in Italy were required to comply starting Nov. 12, 2025, while other sites were given until Feb. 1, 2026.
At the time, AGCOM also released a preliminary list of 45 providers to which it said the new rule would apply, including numerous high-traffic adult sites. Topping the list were Aylo-operated sites Pornhub, YouPorn and Redtube.
Aylo challenged the new rules in court, on multiple grounds. The Regional Administrative Court for Lazio put enforcement against Aylo on hold, then held a hearing on March 11.
In a ruling published Tuesday, the court upheld Aylo’s complaint on the grounds that the AV rules adopted by AGCOM do not fully comply with the “country of origin” principle enshrined in the EU’s Directive on Electronic Commerce. That directive states that online platforms “should be supervised at the source of the activity” and “should in principle be subject to the law of the Member State in which the service provider is established.”
The court ruled that while certain conditions do justify exceptions to that principle, those conditions have not yet been satisfied by AGCOM in relation to the new AV rules.
The ruling notes that an EU member state where online content is accessible cannot impose additional obligations, on top of those provided for by the legal system of the state of origin, unless certain conditions are satisfied. Specifically, the “destination” state cannot adopt restrictive measures against service providers established in the state of origin unless 1) it asks the state of origin to adopt necessary measures for protecting minors, 2) the state of origin fails to adequately adopt and implement such measures, and 3) the destination state notifies the European Commission and the state of origin of its plan to adopt additional restrictive measures.
AGCOM failed to observe this procedure, the ruling concludes, since affected companies would be compelled to comply immediately, without their states of origin having the opportunity to adopt corrective measures.
If the ruling stands, AGCOM will need to carry out the steps enumerated above before enforcing Italy’s AV law against Aylo or any other platform based in another EU member state. The ruling may be appealed to Italy’s Council of State.
Since the ruling applies only to EU Member states, it does not impact enforcement against sites based in the United States or other non-EU countries.
Cross-Border Legal Framework Still Emerging
While the court upheld Aylo’s complaint based on AGCOM’s failure to follow procedures required under the EU’s Directive on Electronic Commerce, it rejected the company’s assertion that protection of minors online is exclusively the province of the European Commission in matters already covered by the EU’s Digital Services Act.
Aylo, which is legally based in Cyprus, has engaged in legal battles in France and Germany around the question of whether individual EU nations have jurisdiction when it comes to AV requirements. In September, however, an advocate general of the European Union’s Court of Justice advised that court, in a nonbinding legal opinion, to rule that France can require pornographic websites based in other EU states to implement age verification in accordance with French law.
Similarly, the Italian administrative court stated that the process of “harmonization” between laws protecting minors online in various EU Members states remains ongoing, and only when complete will it preclude individual states from imposing additional or overlapping rules. In the meantime, the court ruled, transitional solutions such as the AGCOM rules are admissible — as long as they comply with European legislation and the Directive on Electronic Commerce.
“In the absence of a harmonized and mandatory solution at the Union level, Member States may adopt national measures which — while respecting the principles of Union law — ensure a high level of protection for minors,” the ruling reads.
The ruling also indicates that one metric of harmonization will be the broad availability of the EU Digital Identity Wallet.
As XBIZ reported last year, the European Commission launched a pilot program for its “white label” age verification app, which is intended to be incorporated into digital wallets and to help sites and platforms comply with age verification rules under the DSA. The AGCOM regulations require that AV systems accommodate use of the app, which is also being tried out in Denmark, France, Greece and Spain.
Aylo has been participating in that pilot program.
