Council of State: the consent of the PA and a limitation on decision-making automation are needed for the use of Artificial Intelligence in public procurement.

The recent ruling no. 8092/2025 of the Council of State offers a very clear signal to those working in the procurement sector: artificial intelligence can enter public tenders, but only if the public administration knows, understands and expressly authorizes it. The case stems from a tender for cleaning and sanitation services in facilities of the National Health Service, in which the winning company had stated that it used AI tools, including ChatGPT-4, to organize and manage services. The competing company challenged the commission's assessment, questioning – in watermark – the very lawfulness of the use of these technologies in the execution of the contract. The Council of State rejected the appeal, but took the opportunity to recall some fundamental principles: the administration cannot limit itself to "suffering" the innovation proposed by economic operators, it must evaluate it, approve it and remain in control of the way in which it is used.

This orientation is grafted onto a regulatory framework that in the meantime has become quite articulated. The new Public Procurement Code (Legislative Decree 36/2023) encourages contracting authorities to automate their processes also through artificial intelligence, but sets precise conditions: the PA must be able to access the technical documentation that explains how the system works, it must ensure that automated decisions are understandable, non-discriminatory and never completely "blind", i.e. left to the algorithm without the possibility of human intervention. The subsequent law 132/2025 reiterates that the machine has only a support role: the responsibility for the measure always remains with the natural person who signs it. In other words, AI can assist, but not replace, administration.

When the use of AI involves the processing of personal data – as is often the case in healthcare services or in the management of large volumes of user information – an additional layer of constraints is added. The legislation requires economic operators to expressly declare the processing of data and obtain consent in the provided channels, but this is not enough. The administration must verify that the systems used comply with the principles of the GDPR: lawfulness, transparency, minimization, security. In addition, it must be put in a position to know if, where and how AI algorithms or models are used, and to intervene if risks or critical issues emerge.

The overall message that emerges from the ruling and the new legislation is quite clear: in public contracts, the use of artificial intelligence is not a unilateral choice of the company, nor a simple technical detail hidden in the offer. It is an element that affects the way in which the service is provided and the legal position of users, and for this reason it requires informed consent and continuous control by the PA. Contracting authorities, for their part, can no longer limit themselves to evaluating prices and technical scores in the abstract: they must develop skills to understand the proposed AI solutions, introduce clauses in tenders that clearly regulate their use and ensure that technological innovation always remains at the service of the public interest, not the other way around.