---
title: "UNI/PdR 174:2025 for NIS2 & ISO 27001"
description: "UNI/PdR 174:2025 for NIS organizations certified to ISO 27001: how the new Italian practice bridges NIS2 compliance and ISO 27001 certification requirements."
canonical: https://www.aegister.com/en/cms/insights/uni-pdr-174-2025-nis-iso-27001/
url: /en/cms/insights/uni-pdr-174-2025-nis-iso-27001/
lang: en
---

![](/static/images/header-contact.webp)

# UNI/PdR 174:2025 for NIS Organizations Certified to ISO 27001: What It Changes Operationally

---

![UNI/PdR 174:2025 for NIS Organizations Certified to ISO 27001: What It Changes Operationally](/static/images/cms/uni-pdr-174-2025-nis-iso-27001.webp)

## UNI/PdR 174:2025 for NIS Organizations Certified to ISO 27001: What It Changes Operationally

February 20, 2026

[ACN](/en/cms/keyword/acn/)
[compliance](/en/cms/keyword/compliance/)
[GRC](/en/cms/keyword/grc/)
[cybersecurity](/en/cms/keyword/cybersecurity/)
+5

ACN announced that on **30 April 2025** UNI/PdR 174:2025 was published, and positioned it as an operational bridge between **UNI CEI EN ISO/IEC 27001** and **NIST CSF 2.0** for organizations in NIS scope already certified to ISO 27001.

Sources: [ACN article](https://www.acn.gov.it/portale/w/uni/pdr-174-2025-pubblicata-la-nuova-prassi-di-riferimento-a-supporto-dei-soggetti-nis-certificati-iso-27001), [UNI catalog page](https://store.uni.com/uni-pdr-174-2025)

## Key takeaways

- ACN article date: **15 May 2025**.
- The ACN text states UNI/PdR 174:2025 was published on **30 April 2025**.
- The prassi is described as a harmonized management-system requirement set aligned with ISO/IEC 27001 and NIST CSF 2.0.
- ACN frames it as a methodological bridge for organizations already certified ISO/IEC 27001 that need to extend controls/measures toward NIST CSF.
- ACN links this alignment to the "misure di sicurezza di base" under Articles 23 and 24 of the NIS decree, referred to in ACN Determination no. 164179 of 14 April 2025.

Sources: [ACN article](https://www.acn.gov.it/portale/w/uni/pdr-174-2025-pubblicata-la-nuova-prassi-di-riferimento-a-supporto-dei-soggetti-nis-certificati-iso-27001), [ACN Determination 164179/2025](https://www.acn.gov.it/portale/documents/d/guest/detacn_nis_specifiche_2025_164179_signed), [Legislative Decree 138/2024](https://www.gazzettaufficiale.it/eli/id/2024/10/01/24G00155/SG)

## Why this matters for compliance programs

For NIS-affected entities that already maintain an ISO/IEC 27001-certified management system, ACN indicates this prassi can reduce translation friction between existing ISO governance and NIST CSF-based security expectations used in the national NIS implementation context.

In practical terms, this supports governance teams in avoiding duplicate control architectures across standards.

Source: [ACN article](https://www.acn.gov.it/portale/w/uni/pdr-174-2025-pubblicata-la-nuova-prassi-di-riferimento-a-supporto-dei-soggetti-nis-certificati-iso-27001)

## What ACN explicitly states

According to ACN:

1. UNI/PdR 174:2025 was developed with ACN support.
2. It defines requirements for a cybersecurity and information-security management system harmonized with ISO/IEC 27001 and NIST CSF 2.0.
3. It helps already ISO/IEC 27001-certified entities extend their management system toward controls and measures required by NIST CSF.
4. This is linked to the national baseline security specifications tied to NIS Articles 23 and 24.

Sources: [ACN article](https://www.acn.gov.it/portale/w/uni/pdr-174-2025-pubblicata-la-nuova-prassi-di-riferimento-a-supporto-dei-soggetti-nis-certificati-iso-27001), [ACN Determination 164179/2025](https://www.acn.gov.it/portale/documents/d/guest/detacn_nis_specifiche_2025_164179_signed)

## Access and procurement notes

ACN states that:

- UNI/PdR 174:2025 is available in the UNI catalog.
- The document can be downloaded free of charge after registration on the UNI website.

Sources: [ACN article](https://www.acn.gov.it/portale/w/uni/pdr-174-2025-pubblicata-la-nuova-prassi-di-riferimento-a-supporto-dei-soggetti-nis-certificati-iso-27001), [UNI catalog page](https://store.uni.com/uni-pdr-174-2025), [UNI site](https://www.uni.com/)

## Operational checklist for cyber/GRC teams

1. Map current ISO/IEC 27001 controls against NIST CSF 2.0 structure used in your NIS compliance program.
2. Identify gaps between current ISMS evidence and baseline NIS measures referenced by ACN.
3. Update risk-treatment and control-governance documentation to avoid parallel frameworks.
4. Align internal audit planning to cover ISO, NIST-CSF-mapped controls, and NIS obligations in one cycle.
5. Track evidence traceability from control implementation to legal requirements under the NIS framework.

## FAQ

### Is UNI/PdR 174:2025 a replacement for NIS legal obligations?

No. It is presented by ACN as an operational support framework; legal obligations remain defined by the NIS legal framework and ACN determinations. Sources: [ACN article](https://www.acn.gov.it/portale/w/uni/pdr-174-2025-pubblicata-la-nuova-prassi-di-riferimento-a-supporto-dei-soggetti-nis-certificati-iso-27001), [Legislative Decree 138/2024](https://www.gazzettaufficiale.it/eli/id/2024/10/01/24G00155/SG)

### Is the document publicly accessible?

ACN indicates it is available in UNI catalog and downloadable after registration on the UNI site. Sources: [ACN article](https://www.acn.gov.it/portale/w/uni/pdr-174-2025-pubblicata-la-nuova-prassi-di-riferimento-a-supporto-dei-soggetti-nis-certificati-iso-27001), [UNI catalog page](https://store.uni.com/uni-pdr-174-2025)

### Which ACN act is referenced for baseline NIS measures?

The ACN article references Determination no. 164179 of 14 April 2025. Source: [ACN Determination 164179/2025](https://www.acn.gov.it/portale/documents/d/guest/detacn_nis_specifiche_2025_164179_signed)

## Official sources

- [ACN - UNI/PdR 174:2025 article](https://www.acn.gov.it/portale/w/uni/pdr-174-2025-pubblicata-la-nuova-prassi-di-riferimento-a-supporto-dei-soggetti-nis-certificati-iso-27001)
- [ACN document - Determination no. 164179 of 14 April 2025](https://www.acn.gov.it/portale/documents/d/guest/detacn_nis_specifiche_2025_164179_signed)
- [UNI catalog - UNI/PdR 174:2025](https://store.uni.com/uni-pdr-174-2025)
- [UNI official website](https://www.uni.com/)
- [Gazzetta Ufficiale - Legislative Decree 138/2024 (NIS)](https://www.gazzettaufficiale.it/eli/id/2024/10/01/24G00155/SG)

Share this post

## Related News

[![Aegister Obtains ISO 27001 and ISO 9001 Certifications](/static/images/cms/uni-pdr-174-2025-nis-iso-27001.webp)](/en/cms/insights/aegister-iso-certifications-2026-overview/)

[Aegister Obtains ISO 27001 and ISO 9001 Certifications](/en/cms/insights/aegister-iso-certifications-2026-overview/)

[Aegister obtained two ISO certifications in April 2026: EN ISO/IEC 27001:2023 (I726) for information security and ISO 9001:2015 (Q5482) for quality management, both issued by AUDISO and covering the same cybersecurity platform scope.](/en/cms/insights/aegister-iso-certifications-2026-overview/)

[compliance](/en/cms/keyword/compliance/)
[cybersecurity](/en/cms/keyword/cybersecurity/)
+8

[![ACN NIS 2026 Platform Rules and New Deadlines: Master Overview](/static/images/cms/nis2-basic-measures-acn.webp)](/en/cms/insights/nis-acn-platform-2026-new-deadlines-overview/)

[ACN NIS 2026 Platform Rules and New Deadlines: Master Overview](/en/cms/insights/nis-acn-platform-2026-new-deadlines-overview/)

[ACN's April 2026 package sets new NIS deadlines for subjects listed for the first time in 2026 (incident notification from 1 January 2027, baseline measures by 31 July 2027) and updates the platform operating rules for registration, annual and continuous updates, relevant suppliers, and categorization.](/en/cms/insights/nis-acn-platform-2026-new-deadlines-overview/)

[NIS2](/en/cms/keyword/nis2/)
[ACN](/en/cms/keyword/acn/)
+8

[![Aegister Obtains EN ISO/IEC 27001:2023 Certification](/static/images/cms/uni-pdr-174-2025-nis-iso-27001.webp)](/en/cms/insights/aegister-iso-27001-certification-2026/)

[Aegister Obtains EN ISO/IEC 27001:2023 Certification](/en/cms/insights/aegister-iso-27001-certification-2026/)

[Aegister obtained EN ISO/IEC 27001:2023 certification (no. I726) from AUDISO on 2026-04-01, valid until 2029-03-31, for cybersecurity services and solutions delivered through its proprietary web platform, with guideline extensions aligned to EN ISO/IEC 27017:2021 and 27018:2020.](/en/cms/insights/aegister-iso-27001-certification-2026/)

[compliance](/en/cms/keyword/compliance/)
[cybersecurity](/en/cms/keyword/cybersecurity/)
+8

### NIS 2 Compliance with Aegister

Complete solutions for NIS 2 Directive compliance: expert consulting, implementation and ongoing support.

[Discover](/en/solutions/compliance/nis2/)