The new the Regulation on the National Cybersecurity Perimeter into force.

Starting from today the Regulation amending Annex A to Prime Ministerial Decree no. 81 of 14 April 2021, establishing the National Perimeter for Cybersecurity is fully applicable.

 

The Regulation provides for the National Cybersecurity Perimeter applicable to public and private entities and operators with registered office in the national territory, which perform essential functions of the State, or which provide an essential service for the maintenance of civil, social or economic activities that are fundamental to the interests of the State, and whose malfunctioning, interruption,  or partial or improper use, could harm national security.

 

The Regulation also provides for specific obligations for the subjects included in the National Cybercyber Perimeter, such as:

 

• reporting cybersecurity incidents to the National Cybersecurity Agency (ACN);

• the implementation of specific safety measures based on risk analysis; and

• compliance with standards for risk management, incident response, data protection, continuity of service and ICT procurement.

In addition, the incident reporting obligations under the Regulation meet the obligations set out in Article 25 of the Directive on measures for a high common level of cybersecurity across the Union (NIS2 Directive).