10 Things to Prepare for Italian Sunshine Reporting
Table of content
- 1. Know the phases and timelines of Italian Sunshine Reporting
- 2. Prepare organizationally
- 3. Strengthen governance and procedures
- 4. Build system readiness
- 5. Ensure correct data upload format
- 6. Monitor high-risk HCP/HCO interactions
- 7. Prepare error-free reports with no duplicates
- 8. Report complete data with no missing spend
- 9. Map reportable interactions and recipients
- 10. Partner with a smart compliance solution provider
Author
May Khan guida il team Compliance Services di Vector Health, società SaaS specializzata nella compliance per il settore life sciences. La sua esperienza include il reporting sulla trasparenza a livello globale, la strategia legata al Sunshine Act e il monitoraggio dei rischi relativi agli HCP. In Vector coordina team interfunzionali dedicati all’integrità dei dati, al servizio clienti e all’allineamento normativo.
Vector Health Compliance
Il principale partner in Italia per la conformità al Sunshine Act
Cerchi supporto per la compliance al Sunshine Act?
Hai domande pratiche?
Dai un’occhiata alla nostra sezione Domande Frequenti per risposte chiare su scadenze, obblighi e strategie.
Life science compliance teams in Italy cannot afford to treat Italian Sunshine reporting as a once-a-year scramble. Instead, the most effective companies will start to treat preparation as a year-round compliance discipline.
If you’re a compliance officer at a pharmaceutical, medical technology, biotech, or any company operating within the Italian healthcare sector that regularly interacts with HCPs/HCOs, here is what you need to start doing to be fully ready before Sanità Trasparente goes live later this year.
1. Know the phases and timelines of Italian Sunshine Reporting
The operational implementation of the Italian Sunshine Act is structured into three main phases:
- Data collection during the first semester following the law’s activation
- Processing and transmission of the data to the Ministry of Health during the following semester (reporting window)
- Publication of the data on the Transparent Health portal one week after the reporting window closes
For example, if the official notice is published by December 2025, companies will begin collecting data from January to June 2026, transmit it between July and December 2026, and the data will become publicly visible starting January 7, 2027. However, there are rumours that the data collection could start as early as October 2025 to ensure timely and accurate reporting of H1 2026 data in the initial submission cycle. It is essential that companies correctly assign transfers to the relevant semester based on either the accrual date or the payment date—highlighting the need for early internal coordination. We discuss more on this in our webinar summary that you can download here.
2. Prepare organizationally
One of the most pressing steps for companies preparing for Italian Sunshine reporting is the internal designation of responsibilities. The law requires that each company identify a responsible party for reporting, and in many cases, this may involve issuing a formal proxy (procuratore speciale) and filing it at the Chamber of Commerce. Importantly, the law distinguishes between the person responsible for the content of the data and the individual responsible for the upload process. These roles can be separated, but clarity is critical, especially in multinationals where data may be prepared abroad and uploaded in Italy.
In practice, companies must ensure that the designated person has not only the authority on paper, but also the visibility and access needed to collect data across departments. Third parties acting as intermediaries (such as agents, travel agencies, or ECM providers) do not relieve the company of accountability, meaning the manufacturer always remains the responsible reporting entity.
To manage this complexity, companies are encouraged to maintain internal mapping tables that clearly identify beneficiaries, intermediaries, and transaction types. This structure avoids ambiguity when audits or disputes arise and provides traceability for up to five years after the report is filed.
3. Strengthen governance and procedures
A strong compliance framework starts with clear governance. Companies should develop written procedures that outline how data will be collected, validated, and retained across functions. These procedures should be embedded into the company’s 231 compliance model, both to provide a legal safeguard and to ensure structured oversight of potential corporate liability.
Assigning roles across Legal, Compliance, and Finance is essential so that no department operates in isolation. A designated responsible party should have both the mandate and the authority to access the data they need, ensuring accountability is real rather than symbolic.
4. Build system readiness
Preparing for Italian Sunshine reporting also means ensuring that internal systems are fit for purpose. CRM and ERP platforms, including SAP, will need updates to handle specific requirements such as ISTAT codes for geographic data, standardized professional codes, and strict naming conventions. Without these updates, companies risk producing files that fail technical validation or create inconsistencies in reporting.
Testing these systems early is critical, since small errors such as a misformatted location or incomplete identifier can compromise the validity of an entire file. Internal test uploads using the Ministry’s XML validator should be built into the compliance calendar well before reporting deadlines.
Our expert, Edoardo Lazzarini, emphasized this in our recent webinar on Italian Sunshine Reporting preparation, saying:
“While the law sets the rules, operational excellence will determine compliance. Internal alignment, testing, and role clarity are critical, especially given the lack of a manual correction function and the high volume of data many companies will process.”
5. Ensure correct data upload format
Unlike other European transparency codes, the Italian Sunshine Act does not allow manual entry of data into the Sanità Trasparente registry. Every transaction must be uploaded in XML format using the official XSD schemas provided by the Ministry of Health. Two separate schemas exist, one for transfers of value and agreements, and another for equity interests and royalties.
Companies can choose to submit one file containing up to 50,000 transactions or multiple smaller files. However, there is a significant limitation: if one error is identified in a file, the entire file must be deleted and re-uploaded in corrected form. This “all-or-nothing” rule means that robust version control and transaction tracking systems are essential. Upload windows are also fixed: once a reporting window closes, corrections cannot be made directly in the system. Instead, companies must request that the Ministry reopen the window before resubmitting.
6. Monitor high-risk HCP/HCO interactions
Beyond systems and procedures, compliance teams should focus on monitoring the timing and context of value transfers. Public procurement remains a particularly high-risk area, with authorities scrutinizing transfers occurring in the three months before and after tender awards. Companies should implement time-window reviews to flag interactions with HCPs or HCOs during these sensitive periods. This does not mean halting legitimate scientific or educational activity, but rather documenting decisions and ensuring there is no perception of undue influence. Demonstrating proactive monitoring and contextual evaluation strengthens the company’s defense if questions arise later from the Guardia di Finanza or judicial authorities.
7. Prepare error-free reports with no duplicatesi
Ensuring that reports are error-free begins with eliminating duplicate entries. Duplicate transactions not only inflate the reported spend but also undermine the accuracy and reliability of disclosures, potentially raising questions from regulators about data quality and internal controls. Companies should implement automated checks within their reporting systems to identify and prevent duplicates, and they should reconcile datasets from compliance functions to catch discrepancies before submission.
8. Report complete data with no missing spend
Equally critical is guaranteeing that no eligible transfer of value (ToV) is left unreported. Missing spend, whether small consultancy fees, indirect sponsorships through third parties, or travel reimbursements, can create the impression of concealment, even if unintentional. A structured review process that involves cross-functional validation ensures all ToVs are captured. By comparing CRM data, invoices, and contracts against reporting requirements, compliance teams can close gaps and demonstrate a full, transparent record of interactions.
9. Map reportable interactions and recipients
An accurate report begins with visibility. Companies should maintain an internal map of all ToVs, intermediaries, and beneficiaries across business units. This prevents last-minute surprises and ensures that no ToV is left undocumented. In addition, check if exemptions apply (e.g., R&D payments, indirect sponsorships) and that they are reported or excluded in line with Italian sunshine act requirements. Our blog post, Non-Reportable Transfers of Value and our FAQs discuss some common exemptions that compliance officers may think are reportable but in fact, they are exempt from being reported under the Italian Sunshine Act.
Un report accurato parte dalla visibilità. Le aziende dovrebbero mantenere una mappa interna di tutti i ToV, degli intermediari e dei beneficiari, suddivisi per unità di business. Ciò consente di evitare sorprese dell’ultimo minuto e garantisce che nessun ToV resti non documentato.
10. Partner with a smart compliance solution provider
Partnering with the right compliance solution provider can make the difference between meeting Italian Sunshine Act obligations smoothly and struggling with costly errors. The ideal partner brings deep expertise in Italian and global transparency frameworks, ensures right-sized resources that adapt to your reporting needs, and offers a global footprint to manage multi-country requirements with local precision.
Equally important are technology-driven processes that streamline reporting through AI-powered platforms and standardized workflows, paired with proven operational reliability in managing daily compliance tasks. Together, these capabilities reduce internal strain, strengthen accuracy, and give life science companies confidence in their compliance outcomes.
If you’re looking for recommendations on transparency reporting and compliance solution providers, check our page on Recommended Compliance Partners.
Table of content
- 1. Know the phases and timelines of Italian Sunshine Reporting
- 2. Prepare organizationally
- 3. Strengthen governance and procedures
- 4. Build system readiness
- 5. Ensure correct data upload format
- 6. Monitor high-risk HCP/HCO interactions
- 7. Prepare error-free reports with no duplicates
- 8. Report complete data with no missing spend
- 9. Map reportable interactions and recipients
- 10. Partner with a smart compliance solution provider
Life science compliance teams in Italy cannot afford to treat Italian Sunshine reporting as a once-a-year scramble. Instead, the most effective companies will start to treat preparation as a year-round compliance discipline.
If you’re a compliance officer at a pharmaceutical, medical technology, biotech, or any company operating within the Italian healthcare sector that regularly interacts with HCPs/HCOs, here is what you need to start doing to be fully ready before Sanità Trasparente goes live later this year.
1. Know the phases and timelines of Italian Sunshine Reporting
The operational implementation of the Italian Sunshine Act is structured into three main phases:
- Data collection during the first semester following the law’s activation
- Processing and transmission of the data to the Ministry of Health during the following semester (reporting window)
- Publication of the data on the Transparent Health portal one week after the reporting window closes
For example, if the official notice is published by December 2025, companies will begin collecting data from January to June 2026, transmit it between July and December 2026, and the data will become publicly visible starting January 7, 2027. However, there are rumours that the data collection could start as early as October 2025 to ensure timely and accurate reporting of H1 2026 data in the initial submission cycle. It is essential that companies correctly assign transfers to the relevant semester based on either the accrual date or the payment date—highlighting the need for early internal coordination. We discuss more on this in our webinar summary that you can download here.
2. Prepare organizationally
One of the most pressing steps for companies preparing for Italian Sunshine reporting is the internal designation of responsibilities. The law requires that each company identify a responsible party for reporting, and in many cases, this may involve issuing a formal proxy (procuratore speciale) and filing it at the Chamber of Commerce. Importantly, the law distinguishes between the person responsible for the content of the data and the individual responsible for the upload process. These roles can be separated, but clarity is critical, especially in multinationals where data may be prepared abroad and uploaded in Italy.
In practice, companies must ensure that the designated person has not only the authority on paper, but also the visibility and access needed to collect data across departments. Third parties acting as intermediaries (such as agents, travel agencies, or ECM providers) do not relieve the company of accountability, meaning the manufacturer always remains the responsible reporting entity.
To manage this complexity, companies are encouraged to maintain internal mapping tables that clearly identify beneficiaries, intermediaries, and transaction types. This structure avoids ambiguity when audits or disputes arise and provides traceability for up to five years after the report is filed.
3. Strengthen governance and procedures
A strong compliance framework starts with clear governance. Companies should develop written procedures that outline how data will be collected, validated, and retained across functions. These procedures should be embedded into the company’s 231 compliance model, both to provide a legal safeguard and to ensure structured oversight of potential corporate liability.
Assigning roles across Legal, Compliance, and Finance is essential so that no department operates in isolation. A designated responsible party should have both the mandate and the authority to access the data they need, ensuring accountability is real rather than symbolic.
4. Build system readiness
Preparing for Italian Sunshine reporting also means ensuring that internal systems are fit for purpose. CRM and ERP platforms, including SAP, will need updates to handle specific requirements such as ISTAT codes for geographic data, standardized professional codes, and strict naming conventions. Without these updates, companies risk producing files that fail technical validation or create inconsistencies in reporting.
Testing these systems early is critical, since small errors such as a misformatted location or incomplete identifier can compromise the validity of an entire file. Internal test uploads using the Ministry’s XML validator should be built into the compliance calendar well before reporting deadlines.
Our expert, Edoardo Lazzarini, emphasized this in our recent webinar on Italian Sunshine Reporting preparation, saying:
“While the law sets the rules, operational excellence will determine compliance. Internal alignment, testing, and role clarity are critical, especially given the lack of a manual correction function and the high volume of data many companies will process.”
5. Ensure correct data upload format
Unlike other European transparency codes, the Italian Sunshine Act does not allow manual entry of data into the Sanità Trasparente registry. Every transaction must be uploaded in XML format using the official XSD schemas provided by the Ministry of Health. Two separate schemas exist, one for transfers of value and agreements, and another for equity interests and royalties.
Companies can choose to submit one file containing up to 50,000 transactions or multiple smaller files. However, there is a significant limitation: if one error is identified in a file, the entire file must be deleted and re-uploaded in corrected form. This “all-or-nothing” rule means that robust version control and transaction tracking systems are essential. Upload windows are also fixed: once a reporting window closes, corrections cannot be made directly in the system. Instead, companies must request that the Ministry reopen the window before resubmitting.
6. Monitor high-risk HCP/HCO interactions
Beyond systems and procedures, compliance teams should focus on monitoring the timing and context of value transfers. Public procurement remains a particularly high-risk area, with authorities scrutinizing transfers occurring in the three months before and after tender awards. Companies should implement time-window reviews to flag interactions with HCPs or HCOs during these sensitive periods. This does not mean halting legitimate scientific or educational activity, but rather documenting decisions and ensuring there is no perception of undue influence. Demonstrating proactive monitoring and contextual evaluation strengthens the company’s defense if questions arise later from the Guardia di Finanza or judicial authorities.
7. Prepare error-free reports with no duplicatesi
Ensuring that reports are error-free begins with eliminating duplicate entries. Duplicate transactions not only inflate the reported spend but also undermine the accuracy and reliability of disclosures, potentially raising questions from regulators about data quality and internal controls. Companies should implement automated checks within their reporting systems to identify and prevent duplicates, and they should reconcile datasets from compliance functions to catch discrepancies before submission.
8. Report complete data with no missing spend
Equally critical is guaranteeing that no eligible transfer of value (ToV) is left unreported. Missing spend, whether small consultancy fees, indirect sponsorships through third parties, or travel reimbursements, can create the impression of concealment, even if unintentional. A structured review process that involves cross-functional validation ensures all ToVs are captured. By comparing CRM data, invoices, and contracts against reporting requirements, compliance teams can close gaps and demonstrate a full, transparent record of interactions.
9. Map reportable interactions and recipients
An accurate report begins with visibility. Companies should maintain an internal map of all ToVs, intermediaries, and beneficiaries across business units. This prevents last-minute surprises and ensures that no ToV is left undocumented. In addition, check if exemptions apply (e.g., R&D payments, indirect sponsorships) and that they are reported or excluded in line with Italian sunshine act requirements. Our blog post, Non-Reportable Transfers of Value and our FAQs discuss some common exemptions that compliance officers may think are reportable but in fact, they are exempt from being reported under the Italian Sunshine Act.
Un report accurato parte dalla visibilità. Le aziende dovrebbero mantenere una mappa interna di tutti i ToV, degli intermediari e dei beneficiari, suddivisi per unità di business. Ciò consente di evitare sorprese dell’ultimo minuto e garantisce che nessun ToV resti non documentato.
10. Partner with a smart compliance solution provider
Partnering with the right compliance solution provider can make the difference between meeting Italian Sunshine Act obligations smoothly and struggling with costly errors. The ideal partner brings deep expertise in Italian and global transparency frameworks, ensures right-sized resources that adapt to your reporting needs, and offers a global footprint to manage multi-country requirements with local precision.
Equally important are technology-driven processes that streamline reporting through AI-powered platforms and standardized workflows, paired with proven operational reliability in managing daily compliance tasks. Together, these capabilities reduce internal strain, strengthen accuracy, and give life science companies confidence in their compliance outcomes.
If you’re looking for recommendations on transparency reporting and compliance solution providers, check our page on Recommended Compliance Partners.
Author
May Khan guida il team Compliance Services di Vector Health, società SaaS specializzata nella compliance per il settore life sciences. La sua esperienza include il reporting sulla trasparenza a livello globale, la strategia legata al Sunshine Act e il monitoraggio dei rischi relativi agli HCP. In Vector coordina team interfunzionali dedicati all’integrità dei dati, al servizio clienti e all’allineamento normativo.
Vector Health Compliance
Il principale partner in Italia per la conformità al Sunshine Act
Cerchi supporto per la compliance al Sunshine Act?
Hai domande pratiche?
Dai un’occhiata alla nostra sezione Domande Frequenti per risposte chiare su scadenze, obblighi e strategie.