Compliance cannot be a trophy on the wall. It must be real practice.

Over the past months, I have lived through an experience that exposes a serious structural weakness in corporate compliance models based solely on formal certifications.

When I requested that my concrete case - a formal complaint, officially accepted and investigated - be used as a practical compliance test, I received a clear response from the certification body responsible for ISO 37301:2021:

📌 No material analysis was carried out. No real case was audited. No investigation was examined.

This reveals a systemic problem:

Companies display sophisticated certifications, international seals, impeccable policies, extensive codes of ethics - but without any real-world validation of practice.

When compliance is not tested through real cases, it turns into:

✔️ institutional rhetoric

✔️ reputational marketing

✔️ formal shielding

✔️ and, ultimately, regulatory fiction

The question that remains is simple:

📌 What is the value of a compliance system that is not tested when it truly matters?

Certifications cannot be mere trophies on the wall.

They must be living instruments of control, transparency, and real accountability.

Without this, the gap between discourse and practice widens - and public trust disappears.

Compliance cannot be theater. And certification cannot be marketing.

What I have witnessed over the past months exposes a deep structural fragility in the current model of compliance certification, especially regarding ISO 37301:2021.

In practice, what should function as a robust instrument of governance, prevention, control, and protection of rights often reveals itself to be an empty bureaucratic ritual, aimed far more at building reputation than at verifying real-world conduct.

A surveillance audit that does not analyze a single real case, does not examine actual investigations, does not test operational mechanisms, and ignores documented situations of retaliation, SLAPP lawsuits, and professional destruction, is simply not an audit. It is formality. It is performance. It is cosmetic compliance.

When a standard is not accredited by national accreditation bodies, lacks effective independent public oversight, and relies almost exclusively on procedural and documentary checks, the risk becomes evident: a self-referential system emerges, in which organizations validate their own narratives, without any genuine confrontation with reality.

This picture becomes even more troubling when the certified company and the certification body operate within the same national corporate ecosystem, sharing institutional, economic, and cultural proximity - as in the case of Eni and RINA SERVICES.

The risk of corporate solidarity, structural complacency, and symbolic mutual validation is not theoretical - it is systemic.

The outcome is perverse:
✔️ impeccable policies on paper
✔️ sophisticated codes of ethics
✔️ international certifications displayed as trophies
✔️ and, at the same time, absolute silence in the face of real violations

This is not compliance.

This is reputation management.

Real compliance disturbs, questions, exposes weaknesses, tests limits, and protects whistleblowers.

When it fails to do so, it becomes an instrument of institutional shielding.

The essential - and uncomfortable - question is simple:

📌 What is the value of a compliance certification that cannot detect, analyze, and respond to concrete cases of abuse, retaliation, and systematic professional destruction?

If it cannot do that, then it serves only reputational marketing.

And that undermines not just the credibility of one standard, but public trust in the entire international compliance system.

Compliance cannot be a trophy on the wall.

It must be a living, concrete, tested, and verifiable practice.

Without that, all that remains is institutional hypocrisy with an international seal of approval.

This is Eni's Way

For almost 25 years, I have been fighting to restore and reclaim my name, my honor, and my reputation, which have been systematically attacked by a company that claims to be a benchmark in ethics, corporate governance, integrity, and transparency.

When confronted with facts, documents, and the truth, this company does not correct itself, does not take responsibility, and does not make amends.

 It continues to lie.

This is not the posture of an ethical company.

This is not governance.

This is not integrity.

This is not transparency.

It is the behavior of a company that lives off narratives, not truth.

That protects its institutional image while destroying individual reputations.

That speaks the language of compliance while practicing corporate cynicism.

Companies like this do not deserve admiration.

They do not deserve respect.

They deserve the contempt of their stakeholders.

The truth may take time, but it always arrives.

And when it does, no campaign, report, or polished speech can bury it.

The truth confronts. Always.

OPEN LETTER to the CEO of Italian oil giant

"You know who I am. You know the truth about what happened to me. And you also know that my struggle of almost twenty-five years is not based on inventions or distortions. Eni knows this truth as well, but chose to ignore it - preferring silence and retaliation.

I am not writing to debate legal issues or to repeat what I have already presented countless times to different compositions of the Board of Directors. I want to speak about something that goes beyond corporate strategies or legal maneuvers: your conscience, and the way your own family sees you.

What would your wife say if she knew that, by your decision or omission, an innocent man had his honor and dignity destroyed for more than two decades? What would your children think if they realized that the suffering imposed on me is sustained by the power of your pen - the same pen that could have brought this story to a just end, but did not? Would they be proud of you?

I imagine your family sees you as a fair and honorable man - someone who seeks to do what is right. But if they knew every detail of this story, would they still see you the same way? Would they ask you to put an end to this and correct what needs to be corrected?

You have that power. The decision is in your hands. The truth cannot be erased, and my perseverance over all these years proves that.

You still have the chance to do what is right!

So I ask you: what would your family expect you to do?".

ENI & GPDP

Today I make public a decision that should never have been taken.

After 24 years fighting to defend my name, my honor, and my professional reputation, I submitted a comprehensive complaint to Autorità Garante per la protezione dei dati personali against Eni supported by robust documentary evidence, a detailed timeline, successive submissions, new facts, and even an autonomous complaint against the company’s Data Protection Officer (DPO).

Since 2017, Eni has published an institutional document containing false information regarding the reasons for my dismissal from AGIP Brazil in 2001 — information that does not appear in the official minutes of the shareholders’ meeting and that remains publicly available, causing ongoing damage to my honor and professional life.

Despite all this, Autorità Garante per la protezione dei dati personali decided to close the procedure without opening an investigation, without examining the merits of the case and without verifying the accuracy of the contested data.

This decision is not merely legally weak.

It is institutionally grave.

The Authority chose not to apply fundamental principles of the GDPR, including:
✔️ the accuracy of personal data (Article 5(1)(d));
✔️ the right to rectification (Article 16);
✔️ the accountability of the controller (Article 24);
✔️ and the duty of transparency toward the data subject (Article 12).

In practice, the Authority shielded Italy’s largest company from any form of investigation.

It is impossible to ignore the broader context:

Eni is Italy’s largest company and the Italian State is its controlling shareholder.

When a Data Protection Authority decides not to investigate a case of this magnitude, involving a state-owned or politically sensitive company, one question becomes unavoidable:

📌 Who is being protected: the citizen or power?

In response to this decision, I will pursue all available avenues:
✔️ judicial, before the Tribunal of Rome (Article 78 GDPR);
✔️ European institutional, before the European Commission;
✔️ and public and media channels, because silence only benefits those who violate the law.

This fight has never been only about data.

🛑 It has always been — and continues to be — about truth, dignity, justice, and ethics.

Twenty-four years is far too long. But it is not long enough to silence me.

✅ Learn more:

1) Complaint against Eni filed with Autorità Garante per la protezione dei dati personali (GPDP) in December 2024:

2) Decision of the GPDP issued in December 2025 (Italian version)