Source: European Parliament
Strengthening Member States’ cyber resilience capabilities, coordinating national cyber efforts and securing critical infrastructures are top priorities for the Commission, which monitors closely cyber threats and incidents affecting the EU’s critical infrastructure.
The directive on measures for a high common level of cybersecurity across the Union (NIS 2 Directive)[1] requires from entities in 18 critical sectors, including public administration, to take risk-based cybersecurity risk-management measures and report significant cyber incidents.
The NIS 2 Directive transposition deadline for the Member States was 17 October 2024. The Commission is now assessing the Italian transposition legislation that was notified on time.
In addition, Regulation on digital operational resilience for the financial sector (DORA)[2] requires financial entities to develop capabilities to detect, prevent, limit the impact of information and communication technologies-related incidents, to respond and recover from them, and report major incidents. To assess the effectiveness of the entities’ capabilities, DORA introduces testing requirements.
Investment 1.5 ‘Cybersecurity’[3], worth EUR 623 million, from Italy’s National Recovery and Resilience Plan (NRRP) spans from creating a Cybersecurity Agency to the implementation of actions boosting Italy’s cyber resilience capabilities.
In the context of Italy’s fifth payment request, five milestones and targets were assessed as satisfactorily fulfilled: (i) creating the National Cybersecurity Agency (ACN), (ii) defining the national cybersecurity architecture, (iii) the start-up of a network of cybersecurity laboratories, (iv) activating a central audit unit within the ACN (v) completing five strengthening interventions.