diff --git a/src/modules/ar1/components/Ar1ComplianceModal.js b/src/modules/ar1/components/Ar1ComplianceModal.js
index 8538922..cfd1851 100644
--- a/src/modules/ar1/components/Ar1ComplianceModal.js
+++ b/src/modules/ar1/components/Ar1ComplianceModal.js
@@ -6,10 +6,15 @@ import { Button } from 'primereact/button';
 import { Message } from 'primereact/message';
 import Ar1Service from '../service/ar1Service';
 import Ar1StatusTag from './Ar1StatusTag';
+import { useStoreValue } from '../../../store';
 
 const DISMISS_SESSION_KEY_PREFIX = 'ar1-compliance-dismissed-';
 const DISMISS_WINDOW_HOURS = 24;
 
+// AR1 (D.Lgs.231/2007) si applica solo alle aziende beneficiarie.
+// Admin / istruttore / direttore NON devono ricevere il popup.
+const AR1_POPUP_ALLOWED_ROLES = ['ROLE_BENEFICIARY', 'ROLE_CONFIDI'];
+
 /**
  * Dialog AR1 mostrato al login se l'azienda ha AR1 MISSING/EXPIRED/APPROACHING.
  * - dismissable=false (EXPIRED/MISSING): bloccante, solo CTA "Compila ora"
@@ -20,11 +25,17 @@ const DISMISS_WINDOW_HOURS = 24;
  */
 const Ar1ComplianceModal = ({ companyId }) => {
     const navigate = useNavigate();
+    const role = useStoreValue('getRole');
     const [status, setStatus] = useState(null);
     const [visible, setVisible] = useState(false);
     const [loading, setLoading] = useState(true);
 
     useEffect(() => {
+        // Gate ruolo: solo aziende vedono il popup AR1.
+        if (!AR1_POPUP_ALLOWED_ROLES.includes(role)) {
+            setLoading(false);
+            return;
+        }
         if (!companyId) return;
         const dismissKey = DISMISS_SESSION_KEY_PREFIX + companyId;
         const dismissed = sessionStorage.getItem(dismissKey);
@@ -50,7 +61,7 @@ const Ar1ComplianceModal = ({ companyId }) => {
                 console.warn('Ar1ComplianceModal: status check failed', err);
             }
         );
-    }, [companyId]);
+    }, [companyId, role]);
 
     const handleDismiss = () => {
         if (!status?.is_popup_dismissible) return;