Italy: Adopted presidential decree implementing the national cybersecurity perimeter, on goods used within the perimeter

On 8 May 2021, Presidential Decree DPR 54/2021 implementing the national cybersecurity perimeter was implemented. The decree details procedures and requirements concerning the evaluation, certification and testing of goods used within the perimeter. It outlines the procedures and timelines for evaluations conducted by the National Cybersecurity Certification Center (CVCN) and Evaluation Centers (CVs) in the defence and internal affairs sectors and it establishes criteria for identifying the objects of acquisition subject to evaluation, which will concern various categories of ICT goods, systems, and services, such as network security, industrial control, and communication network monitoring. The specific categories will be detailed in a forthcoming prime ministerial decree. The evaluation is based on a risk analysis, and the results are communicated to the subject and supplier, and the latter will bear the economic costs of the evaluation. The decree also covers verification and inspection processes and it sets a 45-day timeline for verifications, extendable once to 60 days.