NIS2: Upcoming Obligations for Italian Organizations

| e-mail

NIS2: Upcoming Obligations for Italian Organizations – Deadline May 31, 2025

cybersecurity

compliance

NIS2

Direttiva NIS2

ACN

obblighi normativi

scadenza 31 maggio 2025

Aegister

NIS2: Upcoming Obligations for Italian Organizations – Deadline May 31, 2025

May 14, 2025

The NIS2 Directive (EU Directive 2022/2555), transposed into Italian law by Legislative Decree 138/2024, introduces stringent obligations for organizations classified as essential or important entities. By May 31, 2025, these entities must complete a series of requirements through the digital platform of the National Cybersecurity Agency (ACN).

Communication Obligations

Organizations must provide the following information:

Security Officers: Personal and contact details of responsible individuals, including legal representatives and/or authorized agents.
Contact Point and Deputy: Designation of the NIS contact point and their deputy, with respective roles and updated contact information.
Digital Infrastructure: List of public IP addresses and domains used by the organization.
EU Presence: List of EU Member States where the organization provides services within the Directive's scope.
Governing Bodies: Composition of administrative and management bodies.
Information Sharing Agreements: Details of active information-sharing agreements.

It is crucial to keep this information up to date; any changes must be communicated within 14 days.

Consequences of Non-Compliance

Failure to comply with these obligations can result in significant penalties:

Essential Entities: Up to €10 million or 2% of the annual global turnover.
Important Entities: Up to €7 million or 1.4% of the annual global turnover.
Executives: Potential personal sanctions, including disqualification.

It is imperative that organizations act promptly to ensure compliance.

Support from Aegister

Aegister offers specialized support to guide organizations through NIS2 compliance, including:

Consulting to identify specific obligations.
Assistance in collecting and submitting required information.
Staff training on new regulatory requirements.
Support in managing communications with ACN.

For more information and to schedule a tailored consultation, contact us at [email protected].

Share this post

Related News

NIS 2

compliance

cybersecurity regulations

How NIS 2 Directive Will Impact Cybersecurity Compliance

An in-depth look at the NIS 2 directive and what organizations need to do to achieve compliance.

NIS 2 compliance

cybersecurity framework

Aegister solutions

Aegister's Guide to Achieving NIS 2 Compliance

Aegister offers a practical guide to help businesses achieve NIS 2 compliance with minimal disruption.

data protection

NIS2

ISO/IEC 27001

cybersecurity compliance

GDPR

regulatory compliance

information security

Cybersecurity Compliance: Understanding Key Regulations for Business Protection

An overview of essential cybersecurity regulations like GDPR, NIS2, and ISO/IEC 27001, highlighting their roles in safeguarding business operations.

Contacts

Follow us

NIS2: Upcoming Obligations for Italian Organizations – Deadline May 31, 2025

NIS2: Upcoming Obligations for Italian Organizations – Deadline May 31, 2025

Communication Obligations

Consequences of Non-Compliance

Support from Aegister