Sunshine Act – EFPIA vs. Italian Regulatory Framework
Author
Of Counsel, Head of Life Sciences & Healthcare Regulatory, Milano
BonelliErede
With over 20 years of experience assisting clients, both in and out of court, Giuseppe has in-depth and cross-disciplinary knowledge of the pharmaceutical sector, with expertise spanning healthcare, pharmaceutical, and medical device law, commercial contracts (e.g., clinical trials, supplies, services, consulting, sponsorships, distribution agreements), product liability, medical and healthcare liability, as well as anti-corruption and corporate administrative liability pursuant to Legislative Decree 231/2001.
Cerchi supporto per la compliance al Sunshine Act?
Hai domande pratiche?
Dai un’occhiata alla nostra sezione Domande Frequenti per risposte chiare su scadenze, obblighi e strategie.
Introduction
There are material divergences between the disclosure requirements set out by the European Federation of Pharmaceutical Industries and Associations (EFPIA) and those established under Italian Law No. 62 of 31 May 2022 (the “Sunshine Act”). The most fundamental distinction concerns their legal nature: the EFPIA framework is a self-regulatory regime, whereas the Sunshine Act imposes statutory, mandatory obligations enforceable by public authorities. Under the EFPIA Code of Practice, member companies comply by virtue of association membership, with non-compliance primarily triggering reputational exposure and internal disciplinary measures. By contrast, the Sunshine Act creates binding legal duties backed by administrative sanctions and public disclosure through a ministerial register. This article examines scope, reporting mechanics, enforcement, and practical implications for companies operating in Italy under a dual transparency regime.
The Italian Sunshine Act
Italian Law No. 62/2022 (Disposizioni in materia di trasparenza nei rapporti tra le imprese produttrici e i soggetti che operano nel settore della salute) establishes the public “Sanità Trasparente” Register at the Ministry of Health to enhance transparency of financial relationships between manufacturing companies and healthcare stakeholders. Once fully operational, the regime will centralize statutory disclosures, standardize data formats, and make published information accessible to the public for a defined retention period.
Scope and disclosure obligations
The Sunshine Act requires the disclosure of transfers of value (cash, goods, services, or other benefits) and of certain agreements that confer direct or indirect benefits in favor of healthcare professionals (HCPs) and healthcare organizations (HCOs), including public and private research or academic bodies. Reportable items include, among others, participation in scientific events, advisory activities, consultancy and research arrangements, sponsorships, travel and accommodation, scholarships and grants, as well as shareholdings and income from industrial or intellectual property rights.
Disclosure thresholds operate as legal triggers on a per-recipient basis. With respect to HCPs, the obligation arises when a single transfer equals or exceeds €100 or when cumulative annual transfers reach or exceed €1,000. For HCOs, the obligation arises when a single transfer equals or exceeds €1,000 or when cumulative annual transfers reach or exceed €2,500. Communications must be submitted electronically to the Sanità Trasparente Register in accordance with the technical specifications established by the Ministry of Health.
As of the end of 2025, the electronic Register has been defined administratively and the reporting infrastructure has been structured at a technical level; however, it is not yet fully operational or freely accessible for public queries through the Ministry’s website. Companies should complete internal readiness activities and be prepared to commence reporting following formal ministerial activation via notice in the Gazzetta Ufficiale. Based on the statutory framework, disclosure obligations are expected to apply from the second half of the year following formal activation of the Register.
Once operational, the Register will allow public access to reported data for five years from publication. Publication occurs by operation of law and does not require the data subject’s consent, although companies remain responsible for providing appropriate information notices and for ensuring compliance with applicable data protection law, including transparency, minimization, and security obligations.
In addition to transfers of value and agreements, the Register will include disclosures concerning shareholdings and income from industrial or intellectual property, as well as the acts imposing sanctions under the Sunshine Act. Failure to submit required information triggers administrative fines that scale according to the type and seriousness of the infringement, including fines linked to the amount of omitted transfers. Sanctioning acts are themselves published on the Register, augmenting the reputational impact of non-compliance.
Personal and material scope
The Sunshine Act applies broadly to “manufacturing companies” involved in the production, marketing, or promotion of medicinal products, medical devices, diagnostic products, and related goods or services, including entities that organize or support healthcare-related scientific events. The recipients encompass HCPs, HCOs, and public or private research and academic institutions. In practice, companies should map all monetary and in-kind transfers and benefit-conferring agreements to these recipients, including sponsorships, consulting fees, travel and accommodation, scholarships and grants, and any income or interests related to intellectual property or shareholdings, to ensure timely and accurate reporting.
EFPIA Transparency Framework
The EFPIA Code of Practice constitutes a core element of the pharmaceutical industry’s self-regulatory transparency regime across Europe. In Italy, it is implemented through the Farmindustria Code of Conduct, which binds associated companies and provides national transparency practices consistent with EFPIA standards. The EFPIA framework requires member companies to track and publicly disclose relevant transfers of value (ToVs) made directly or indirectly to HCPs and HCOs.
Legal nature and scope
The EFPIA Code is not statutory law. Its binding force derives from membership in EFPIA or in a national association that has adopted the Code, such as Farmindustria. It applies to a defined set of ToVs to HCPs and HCOs, with detailed definitions and methodological guidance for identifying, allocating, and reporting such transfers.
Reporting and publication obligations
Member companies must document and disclose annually relevant ToVs, including grants and donations to institutions, sponsorship of scientific meetings and congresses, registration fees, travel and accommodation for scientific events, and consultancy or advisory fees. In Italy, disclosures are commonly published on company websites or association platforms, using standardized templates and methodologies. Retention typically spans approximately three years, in line with EFPIA guidance and national association practices.
The EFPIA Code differentiates between individual and aggregate disclosure. Individual disclosure identifies the recipient by name and requires a lawful basis for publication; where data protection considerations do not permit individual publication (for example, in the absence of a suitable legal basis or consent under the applicable national approach),… data may be published on an aggregate basis, accompanied by methodological notes explaining the treatment and quantification.
Enforcement and sanctions
Enforcement of the EFPIA Code is handled by national associations through investigative and disciplinary procedures. Available measures include warnings, corrective action plans, suspension, and expulsion. While no administrative fines arise under EFPIA, reputational consequences, public statements of non-compliance, and the loss of association membership can be significant and may have commercial implications.
Comparative analysis
| Dimension | EFPIA / Farmindustria | Sunshine Act (Italy) |
| Legal nature | Association self-regulation | Binding national law |
| Obligated parties | EFPIA member companies | Manufacturing companies in scope |
| Thresholds | No minimum reporting thresholds | €100/€1,000 for HCPs; €1,000/€2,500 for HCOs |
| Publication channel | Corporate/association websites | Sanità Trasparente Register (Ministry of Health) |
| Retention | Typically around 3 years | 5 years from publication |
| Identification | Individual or aggregate (depending on lawful basis) | Publication by law; no consent required |
| Enforcement | Disciplinary measures; reputational impact | Administrative fines; publication of sanctions |
| Interplay | Voluntary standards | Law prevails in case of conflict |
Where both regimes apply, companies should implement dual tracking and reconciliation. Data sets disclosed under EFPIA/Farmindustria and those submitted to the Register should be aligned in scope definitions, categorization, valuation, and timing to minimize discrepancies. Particular attention is required for methodological differences (for example, thresholds, timing of recognition, allocation of multi-recipient benefits, and VAT treatment) to avoid inconsistencies across publications.
Conclusions and practical implications
The Italian Sunshine Act materially reshapes the transparency landscape by converting what have historically been ethical transparency expectations under the EFPIA framework into statutory reporting duties subject to administrative enforcement and public scrutiny. EFPIA remains an important benchmark for ethical conduct and provides a useful structure for data capture and disclosure discipline. Nevertheless, companies operating in Italy must calibrate governance, data controls, and reporting processes to satisfy the Sunshine Act’s binding requirements, including threshold-triggered reporting, centralized submission to the Sanità Trasparente Register, five-year public availability, and exposure to fines and publication of sanctioning acts.
In practical terms, companies should finalize robust mapping of in-scope recipients and transfers, harmonize internal taxonomies and valuation methodologies, and ensure that privacy notices and data protection controls align with statutory publication without consent. A unified transparency operating model—capable of producing EFPIA/Farmindustria-compliant disclosures and Sunshine Act submissions from a single source of truth—will be critical to reduce reconciliation risks and maintain consistency across associative and statutory disclosures once the Register becomes fully operational.
For many life sciences compliance teams, the most stressful moment in Italian Sunshine Reporting is not data collection, approval, or even internal sign-off. It is the final click: uploading the XML file and waiting to see whether the Ministry’s system accepts it.
Sanità Trasparente is not designed to “work around” inconsistencies or partial compliance. It is an automated control mechanism that applies strict structural, logical, and semantic validations before a submission is accepted into the Registro Pubblico Telematico della Trasparenza. In this environment, XML readiness is no longer a technical afterthought, it is a core part of compliance execution.
XML Accuracy Starts with Understanding the Submission Logic
Italian Sunshine Reporting is built around clearly defined reporting flows, each with its own timing and data expectations. Section A filings, covering transfers of value, agreements, and conventions, must be submitted within the semester following the reporting period. Section B disclosures, which capture financial interests such as shares or royalties, follow a different timeline and must be submitted by 31 January of the subsequent year.
What often catches organizations off guard is that the system enforces these timelines automatically. A file submitted outside its permitted window is rejected regardless of data quality. XML compliance therefore begins not with formatting, but with planning, ensuring the right data set is mapped to the right reporting flow at the right time.
File structure plays a similar role. Naming conventions are not cosmetic; they are part of the validation logic. A missing semester indicator or incorrect file label is treated as a structural failure, preventing the system from even assessing the content.
Precision as a Compliance Discipline, Not a Technical Detail
Once a file enters validation, Sanità Trasparente evaluates it against the official XSD schema with no tolerance for deviation. Every mandatory field must be present, correctly formatted, and logically consistent with the rest of the record.
This is where many organizations discover that XML quality reflects upstream data discipline. Identification fields must be complete and unambiguous, with either a Codice Fiscale or VAT number always present. Address data must be internally coherent, with CAP, Comune, and Provincia correctly aligned. Country codes must reflect Italian reporting requirements, and monetary and dates values must follow exact formatting rules.
Even relationship [rapporti] classifications are scrutinized. The system checks whether the declared role of a recipient aligns with the type of interaction being reported. A mismatch between beneficiary and counterparty roles is not interpreted as a minor inconsistency, but as a reporting error.
Testing as a Standard Practice, Not a Last Resort
One of the most useful features of the reporting framework is the ability to submit test transmissions. The TRA and TRB flows allow organizations to simulate submissions without triggering official publication, offering visibility into both structural and logical validation outcomes.
These test runs, visible through the Gestione Accoglienza Flussi dashboard, provide a valuable opportunity to identify schema misalignments, missing elements, or inconsistent logic before deadlines apply. For organizations managing complex datasets or multiple affiliates, test submissions are increasingly viewed as a standard control, not an optional step.
Pre-validation against the latest official XSD schema, including the October 2025 version, has also become an essential safeguard. Many internal systems produce XML exports that require adjustment before they fully align with Ministry specifications. Identifying these gaps early reduces pressure during filing windows and avoids last-minute corrections.
Why XML Quality Is Becoming a Governance Issue
As transparency data moves toward public accessibility, the implications of XML accuracy extend beyond regulatory acceptance. Errors in published data can raise questions about internal controls, oversight, and data integrity. In this context, XML submissions are no longer just technical artifacts, they are public representations of a company’s compliance posture.
Organizations that embed XML quality into their broader governance framework, linking data validation, approval processes, and reporting accountability, are better positioned to respond as the Italian transparency system evolves.
Building Readiness for a Maturing Transparency System
Preparing for Sanità Trasparente is not about eliminating every possible error, but about creating repeatable, defensible processes that stand up to automated scrutiny. Clear ownership, structured testing, and alignment with official specifications are quickly becoming hallmarks of mature Sunshine Reporting programs.
As the Italian transparency framework continues to develop, confidence in submission will increasingly come from preparation, not reassurance after the fact. Teams that invest in XML readiness today will spend less time troubleshooting tomorrow and more time focusing on what transparency is ultimately meant to support: accountability, trust, and integrity in healthcare interactions.
Join our upcoming Italian Sunshine Reporting – Executive Operational Session in Milan (24 March 2026) or Rome (26 March 2026) to work through XML readiness in a structured, practical setting — to make sure your submission is not just accepted, but defensible.
Author
International Expert in Ethics, Compliance, and Transparency
Thought Leader in Reporting on the Italian Sunshine Act
Edoardo, a former MedTech compliance manager, has over 25 years of experience in compliance and transparency. A recognized opinion leader, Edoardo has led ethics programs at major pharmaceutical companies and offers strategic insights into compliance practices in Italy.
Cerchi supporto per la compliance al Sunshine Act?
Hai domande pratiche?
Dai un’occhiata alla nostra sezione Domande Frequenti per risposte chiare su scadenze, obblighi e strategie.