Decree-Law no. 82/2021 (the “Decree“) was published in the Official Gazette on 14 June, containing “urgent provisions on cyber-security – definition of the national cyber-security architecture and establishment of the National Cyber-security Agency” .
The term “Cyber-security” means “activities necessary to protect networks, information systems, computer services and electronic communications from cyber threats, ensuring their availability, confidentiality, integrity and resilience” (Art. 1, paragraph 1, letter a).
The Decree, which consists of 19 articles, institutionalises the “Interministerial Committee for cyber-security” (“CIC“). CIC performs advisory, proposal and supervisory functions in the field of cyber-security policies, including the protection of national security in cyberspace. In addition, CIC has the following tasks:
Among the Decree’s main features is the establishment of the “National Cyber-security Agency” (“NCA” or “Agency“). The Decree specifies its functions by clarifying its composition and organisation. A special regulation, to be approved within 120 days from the entry into force of the Decree, shall define the Agency’s functioning, which is composed of eight general management level offices and thirty non-general management level offices within the available resources (art. 12 paragraph 1).
The Agency is the main body in the cyber-security field, acting as a national authority and centralising the various expertise hitherto attributed to other bodies, including those of the Ministry of Economic Development. Its tasks include:
The Agency is supported by the “Cyber-security unit“, which supports the Prime Minister, for aspects relating to the prevention and preparation for possible crises and the activation of warning procedures. The main tasks entrusted to this body include:
◊◊◊◊
By 30 April of each year, the Prime Minister must report to Parliament on the Agency’s activity in the previous year. As an Italian National Coordination Centre, the Agency will interface with the “European Cyber-security Industrial, Technology and Research Competence Centre“, contributing to increasing the European strategic autonomy in the sector.
Other related insights: