The NIS2 Directive (EU Directive 2022/2555), transposed into Italian law by Legislative Decree 138/2024, introduces stringent obligations for organizations classified as essential or important entities. By May 31, 2025, these entities must complete a series of requirements through the digital platform of the National Cybersecurity Agency (ACN). For a comprehensive understanding of NIS2 requirements, refer to our detailed guide.
Communication Obligations
Organizations must provide the following information:
- Security Officers: Personal and contact details of responsible individuals, including legal representatives and/or authorized agents.
- Contact Point and Deputy: Designation of the NIS contact point and their deputy, with respective roles and updated contact information.
- Digital Infrastructure: List of public IP addresses and domains used by the organization.
- EU Presence: List of EU Member States where the organization provides services within the Directive's scope.
- Governing Bodies: Composition of administrative and management bodies.
- Information Sharing Agreements: Details of active information-sharing agreements.
It is crucial to keep this information up to date; any changes must be communicated within 14 days.
Consequences of Non-Compliance
Failure to comply with these obligations can result in significant penalties:
- Essential Entities: Up to €10 million or 2% of the annual global turnover.
- Important Entities: Up to €7 million or 1.4% of the annual global turnover.
- Executives: Potential personal sanctions, including disqualification.
It is imperative that organizations act promptly to ensure compliance.
Support from Aegister
Aegister offers specialized support to guide organizations through NIS2 compliance, including:
- Consulting to identify specific obligations.
- Assistance in collecting and submitting required information.
- Staff training on new regulatory requirements.
- Support in managing communications with ACN.
For more information and to schedule a tailored consultation, contact us at [email protected].
FAQ
What event is covered in this recap?
This article covers Aegister's participation in an international cybersecurity event highlighted in the post.
Where could visitors meet Aegister during the event?
Visitors could meet the team at stand SP64 during the event days.
How can organizations follow up after the event?
Organizations can continue the conversation through Aegister's official channels and published insights.
Operational implications after the event
"NIS2: Upcoming Obligations for Italian Organizations – Deadline May 31, 2025" should be used as an operational follow-up reference, not only as an event recap. Organizations evaluating similar initiatives should map discussed themes to internal priorities, decision owners, and next action windows so the event output becomes execution input.
- Extract practical control themes and assign review owners in GRC and security teams.
- Translate high-level takeaways into measurable implementation tasks and deadlines.
- Document stakeholder decisions and preserve evidence of why priorities were selected.
- Use recurring checkpoints to validate that post-event actions remain aligned with risk objectives.
Publication reference date: 2025-05-14. Keep timeline communication consistent with absolute calendar dates.