Italy: Implemented Decree No. 138 transposing NIS 2

On 16 October 2024, Legislative Decree No. 138, transposing into national legislation the Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union (NIS 2 Directive), entered into force. The decree includes measures to ensure the security and resilience of the critical infrastructure. The National Cybersecurity Agency (ACN) is designated as the responsible authority for overseeing the implementation process, enforcing obligations and collaborating with the authorities from other Member States. Entities covered under the decree have to conduct assessments to determine applicability and prepare for compliance, including registration on a designated portal by early 2025.