Categories: Insights, Practice

Tag: compliance, Cyber-sicurezza, data protection, Garante Privacy


29 Jun 2021

Cyber-security: Decree published in the Official Gazette

Decree-Law no.  82/2021 (the “Decree“) was published in the Official Gazette on 14 June, containing “urgent provisions on cyber-security – definition of the national cyber-security architecture and establishment of the National Cyber-security Agency” .

The term “Cyber-security” means “activities necessary to protect networks, information systems, computer services and electronic communications from cyber threats, ensuring their availability, confidentiality, integrity and resilience” (Art. 1, paragraph 1, letter a).

The Interministerial Committee on cyber-security

The Decree, which consists of 19 articles, institutionalises the “Interministerial Committee for cyber-security” (“CIC“). CIC performs advisory, proposal and supervisory functions in the field of cyber-security policies, including the protection of national security in cyberspace. In addition, CIC has the following tasks:

  • advising the Prime Minister on general national cyber-security policies guidelines;
  • supervising national cyber-security strategy;
  • promoting the adoption of the necessary initiatives to (i) foster effective national and international cooperation, between institutional and private stakeholders in cyber-security, sharing information and (ii) adopting best practices and measures aimed at cyber-security and industrial, technological and scientific development in the cyber-security field;
  • providing an opinion on the national cyber-security Agency’s budget and balance sheet.

National Cyber Security Agency

Among the Decree’s main features is the establishment of the “National Cyber-security Agency” (“NCA” or “Agency“). The Decree specifies its functions by clarifying its composition and organisation. A special regulation, to be approved within 120 days from the entry into force of the Decree, shall define the Agency’s functioning, which is composed of eight general management level offices and thirty non-general management level offices within the available resources (art. 12 paragraph 1).

The Agency is the main body in the cyber-security field, acting as a national authority and centralising the various expertise hitherto attributed to other bodies, including those of the Ministry of Economic Development. Its tasks include:

  • protecting national interests and essential state functions from cyber threats;
  • developing national prevention, monitoring, detection and mitigation capabilities to deal with cyber-security incidents and cyber-attacks;
  • enhancing the security of Information and Communications Technology (“ICT”) systems of entities included in the national cyber security perimeter, public administrations, essential service operators and digital service providers;
  • supporting the development of industrial, technological and scientific skills, promoting projects for innovation and development, while stimulating the growth of a solid national workforce in the cyber-security field aiming at national strategic autonomy;
  • providing a single national stakeholder for public and private entities in the field of security measures and inspection activities in the national cyber-security perimeter, security of networks, information systems, and electronic communication networks.

Cyber-security Unit

The Agency is supported by the “Cyber-security unit“, which supports the Prime Minister, for aspects relating to the prevention and preparation for possible crises and the activation of warning procedures. The main tasks entrusted to this body include:

  • formulating initiatives concerning the country’s cyber-security;
  • promoting, programming and operational planning of the response to cyber crisis situations by administrations and private operators;
  • conducting inter-ministerial exercises, i.e. national participation in international exercises involving the simulation of cyber events to increase the country’s resilience and involvement in cyber-security crises.

◊◊◊◊

By 30 April of each year, the Prime Minister must report to Parliament on the Agency’s activity in the previous year. As an Italian National Coordination Centre, the Agency will interface with the “European Cyber-security Industrial, Technology and Research Competence Centre“, contributing to increasing the European strategic autonomy in the sector.

Other related insights:

Subscribe to our newsletter

Contact

Need information? Write to us and our team of experts will respond as soon as possible.

Fill in the form

More news and insights

8 Jul 2026

Pay transparency: one month after its entry into force, two approaches are emerging in the market (The Platform, 8 July 2026 – Vittorio De Luca, Claudia Cerbone e Martina De Angeli)

Since 7 June, EU rules aimed at strengthening the principle of equal pay between men and women for the same work or for work of equal value have…

2 Jul 2026

Did you know…? As of 7 June 2026, Legislative Decree No. 96/2026 is fully in force

As of 7 June 2026, Legislative Decree No. 96/2026 is fully in force. It also introduces into the Italian legal system a structured framework on pay transparency, with…

2 Jul 2026

Failure to serve disciplinary charges does not render the dismissal null and void: italian supreme court confirms no reinstatement remedy for employers below the statutory workforce threshold

Principle of Law In its recent judgment No. 17283 of 1 June 2026, the Italian Supreme Court (Corte di Cassazione) examined the legal consequences arising from the employer's…

2 Jul 2026

AI and the employment relationship: initial guidance from the implementing decrees and data protection implications

Following the preliminary approval by the Council of Ministers, on 10 June 2026, of the first draft legislative decrees implementing the enabling law on artificial intelligence (Law No.…

1 Jul 2026

Sustainability, Responsibility, and the Future: A Commitment That Grows with Time

As we celebrate our 50th anniversary, we have chosen to look to the future with the same care and dedication with which we preserve our roots. Those roots…

25 Jun 2026

Pay Equity and Pay Transparency: What Will Change in Italy (People are People, 25 June 2026 – Claudia Cerbone e Martina De Angeli)

With Legislative Decree No. 96 of 7 May 2026, which entered into force on 7 June 2026, Italy transposed Directive (EU) 2023/970 on pay transparency, becoming one of…