The new framework on NIS2 categorization in Italy introduces significant compliance obligations for entities falling within the scope of the Italian NIS2 regime. The purpose of the categorization exercise is to enable ACN to determine which additional cybersecurity measures will apply depending on the services provided by the relevant entity.
NIS2 supply chain management rules in Italy have recently changed, and the new ACN requirements are reshaping how companies manage suppliers, introducing a continuous compliance model that international businesses cannot afford to overlook.
NIS 2 information sharing agreements are a central focus of Italy’s cybersecurity compliance landscape this July 2025.
The NIS 2 Directive has been implemented in Italy through Legislative Decree No. 138/2024, which has expanded the scope of the regulation at the national level, and one of the first obligations imposed by the decree is the registration on the National Cybersecurity Agency (ACN) portal by the end of February 2025.
