Cybersecurity enforcement in Italy

On February 16th, draft parliamentary bill no. 1717, containing provisions on strengthening national cybersecurity and on cybercrimes, was presented to the Chamber of Deputies. The legislative process continued on February 29th with further steps.

The law against the pressure of the cyber threat in Italy

The measure aims to respond to the increasing offensiveness of attacks carried out by telematic and cyber means and the consequent need to enhance cybersecurity. It operates on two fronts: national cybersecurity – by enhancing the protection and response capabilities of public administrations against cyber threats – and criminal law – through the revision of cybercrimes with the intention of better preventing and countering them.

National cybersecurity enforcement

The new law provides rules to develop national prevention, monitoring, detection, analysis and response capabilities to prevent and manage cyber-attacks in public administration.

The notice of cyber-attack

Public administration, regions, autonomous provinces of Trento and Bolzano, municipalities with populations over 100,000 inhabitants, health care companies and in-house companies of the public administration are required to report and notify the National Information Security Agency (ACN) of security incidents in networks, information systems and IT services.

The penalties

In case of non-compliance, ACN will issue a notice to the public administration, warning that repetition of the omission will result in the application of sanctions and in inspections by ACN to verify the implementation of the resilience-strengthening interventions.

In case of repeated non-compliance, ACN may apply an administrative fine of 25,000 euros to 125,000 euros. The proceeds of the sanctions will flow into ACN’s revenues.

The obligation to take remedial action

Public administration must take remedial action in response to the reports ACN makes about specific vulnerabilities. In case of non-compliance, the sanctions described above apply.

The new cybersecurity manager in public administration

Public administration must identify a structure in charge of cybersecurity activities, where the new cybersecurity manager will operate and serve as the contact between public administration and ACN.

The enhancement of AI

ACN can also promote and develop AI as a resource for strengthening national cybersecurity, including through partnerships between public and private entities.

Cybersecurity in public contracts

In contexts related to the protection of strategic national interests, public administration must comply with cybersecurity rules in its dealings with suppliers of IT goods and services, and must regulate public contracts in accordance with those rules.

Coordination between ACN and judicial authorities in case of attacks on computer or telematic systems of public interest

ACN, as a public official, must immediately report attacks on computer or telematic systems of public interest to the national anti-mafia and counterterrorism prosecutor.

Correspondingly, the public prosecutor shall promptly inform ACN of the most serious computer crimes. ACN will have the right to participate in acts of the investigation.

Our law firm in Milan provides assistance to private individuals, organizations and businesses.

Dal Pozzo Law Firm

Criminal Law Milan

Licia Dal Pozzo Advocate