The Digital Hub

HIGHLIGHTS:

• as a rule it applies to medium-sized and large enterprises operating in certain highly critical or critical sectors, as well as to the Public Administration
• it covers the cybersecurity of networks and information systems
• it applies since 16 October 2024

MATERIALS:

• Cybersecurity in Italy – 2026
• Introduction to cybersecurity: video clip
• White Paper: Digital Compliance [last update: March 2025]

REGULATORY TEXTS:

• NIS2 Directive
• Legislative Decree 138/2024

IN-DEPTH ARTICLES:

• NIS2 is here!
• NIS, what now? The calendar of dates to keep in mind
• NIS, decisions defining obligations adopted: information update deadline is 31 May
• NIS, ACN's resolution on notification of sharing agreements

HIGHLIGHTS:

• it applies to banks, investment firms, insurance companies, cryptocurrency service providers, crowdfunding service providers and other financial entities
• it covers the cybersecurity of digital financial services
• it applies since 17 January 2025

MATERIALS:

• Cybersecurity in Italy - 2026
• Introduction to cybersecurity: video clip
• White Paper: Digital Compliance [last update: March 2025]

REGULATORY TEXTS:

• DORA

HIGHLIGHTS:

• it applies to manufacturers of products with digital elements and other subjects that are part of the supply chain of such products.
• it covers the cybersecurity of products with digital elements
• it applies, in part, from 11 December 2026

MATERIALS:

• Cybersecurity in Italy – 2026
• Introduction to cybersecurity: video clip
• White Paper: Digital Compliance [last update: March 2025]

REGULATORY TEXTS:

• Cyber Resilience Act

HIGHLIGHTS:

• It applies to entities identified by the President of the Council of Ministers that perform essential functions or provide essential services for the State
• it covers the security of networks, information systems, and information services on which the performance of essential functions or the provision of essential services for the State depends
• it applies since 21 September 2019

MATERIALS:

• Cybersecurity in Italy – 2026
• Introduction to cybersecurity: video clip
• White Paper: Digital Compliance [last update: March 2025]

REGULATORY TEXTS:

• DL 105/2019
• Prime Ministerial Decree No. 131/2020
• Prime Ministerial Decree No. 81/2021
• Prime Ministerial Decree of 15 June 2021
• Prime Ministerial Decree No. 92/2022

HIGHLIGHTS:

• it applies mainly to public administration and, to a lesser extent, to certain entities in the private sector
• it covers the cybersecurity of networks and information systems of the entities falling in the scope of the Law
• it applies since 17 July 2024

MATERIALS:

• Cybersecurity in Italy – 2026
• Introduction to cybersecurity: video clip
• White Paper: Digital Compliance [last update: March 2025]

REGULATORY TEXTS:

• Law No. 90/2024

HIGHLIGHTS:

• it applies to all companies that process personal data as controllers or processors
• it covers the protection and movement of personal data
• it applies since 25 May 2018

MATERIALS:

• White Paper: Digital Compliance [last update: March 2025]

REGULATORY TEXTS:

• GDPR
• Privacy Code

IN-DEPTH ARTICLES:

• Guidelines on pseudonymisation
• Company emails and metadata - The Data Protection Authority's guidance document

HIGHLIGHTS:

• it applies to providers of publicly available electronic communications services on public communications networks, as well as to subscribers and users of such services
• it covers the protection of personal data in electronic communications
• it applies since 1 January 2004

MATERIALS:

• White Paper: Digital Compliance [last update: March 2025]

REGULATORY TEXTS:

• e-Privacy Directive

HIGHLIGHTS:

• it applies to suppliers, other subjects that are part of the supply chain of AI systems and models, and deployers of AI systems
• it covers AI systems and AI models for general purposes (e.g., those on which Chat GPT is based)
• it applies, in part, since 2 February 2025

MATERIALS:

• AI Act: infographic [last update: April 2025]
• AI Act: what you (really) need to know [last update: July 2024]
• AI Act: video clip
• White Paper: Digital Compliance [last update: March 2025]

REGULATORY TEXTS:

• AI Act
• AI Bill

IN-DEPTH ARTICLES:

• Artificial Intelligence Bill: first approval by the Senate

HIGHLIGHTS:

• it applies to public bodies, data intermediation service providers, and data altruism organizations.
• it covers the reuse of data held by public bodies that is protected for reasons of commercial confidentiality, statistical confidentiality, IP, and privacy.
• it applies from September 24, 2023.

MATERIALS:

• White Paper: Digital Compliance [last update: March 2025]

REGULATORY TEXTS:

• DGA
• Legislative Decree No. 144/2024

HIGHLIGHTS:

• it applies to manufacturers of connected products, providers of related services, data holders, providers of data processing services including cloud service providers
• it covers access to, use and sharing of data (mostly non-personal) generated by connected products and related services
• it applies from 12 September 2025

MATERIALS:

• White Paper: Digital Compliance [last update: March 2025]

REGULATORY TEXTS:

• Data Act

HIGHLIGHTS:

• it applies to gatekeepers (Alphabet, Apple, Booking, Meta, Microsoft, Amazon, ByteDance).
• it covers fairness and competition in digital markets for the benefit of both business users and end users.
• it applies from 1 November 2022

MATERIALS:

• White Paper: Digital Compliance [last update: March 2025]

REGULATORY TEXTS:

• Data Act

HIGHLIGHTS:

• it applies to a wide range of intermediary service providers, including cloud services, social networking platforms, content sharing platforms, app stores, marketplaces, etc.
• it covers the provision of intermediary services (mere conduit, caching and hosting)
• it applies since 17 February 2024

MATERIALS:

• White Paper: Digital Compliance [last update: March 2025]

REGULATORY TEXTS:

• Digital Services Act

HIGHLIGHTS:

• it applies to certain public entities, as well as private entities that provide essential services and have an average turnover exceeding 500 million euros
• it covers accessibility to essential services
• it applies to private entities since 5 November 2022

REGULATORY TEXTS:

• Stanca Law

HIGHLIGHTS:

• it applies to manufacturers of certain products and other subjects that are part of the supply chain of such products and providers of certain services
• it covers the accessibility to certain products (e.g. PCs, smartphones, tablets, ATMs, e-readers, etc.) and services (e.g. e-commerce, transport, electronic communication, etc.)
• it applies from 28 June 2025

REGULATORY TEXTS:

• European Accessibility Act
• Legislative Decree No. 82/2022