
Legislative changes on cybersecurity: new sanctions and notification obligations

New regulations to strengthen cybersecurity in public administrations and the private sector

New laws toughen penalties for unauthorized access to computer systems and oblige public administrations to notify the National Cybersecurity Agency of attacks within 24 hours, under penalty of heavy fines. They also promote encryption and enhance cybersecurity roles.


Recent legislative changes increase the penalties for unauthorized access to computer systems and oblige public administrations to notify the National Cybersecurity Agency (ACN) of any cyber attack within 24 hours. Public administrations that do not comply with these provisions risk administrative sanctions ranging between 25,000 and 125,000 euros. The same penalty applies if reported vulnerabilities are not resolved within 15 days. These new provisions aim to improve the institutional response to cyber incidents and ensure greater security in public systems.

Expansion of the functions of the ACN and inter-ministerial committee

The National Cybersecurity Agency will be responsible not only for collecting cyber incident notifications but also for processing and classifying them. At an institutional level, the Interministerial Committee for the Security of the Republic will see the participation of numerous ministers, including those for agriculture, infrastructure, transport, university and research, in addition to the traditional figures of foreign affairs, interior, defence, justice, economy, and energy security. This expanded composition will allow for a more integrated and coordinated strategy for national security.

New responsibilities for cybersecurity in public administrations

Each public body will have to establish a unit dedicated to cybersecurity and appoint a contact person for these activities within one year of the law coming into force. These structures and roles will have to be created using the human and financial resources already available, therefore without further burdening public finances. The bill also promotes the use of cryptography and establishes a National Cryptography Center at the Agency. As regards public contracts for IT goods and services, administrations will have to take into account the essential elements of cybersecurity established by a Prime Ministerial Decree, which will reward the use of technologies developed in Italy or in allied countries.

Changes to the penal code and new control measures

The doubling of penalties for unauthorized access to computer systems is accompanied by the introduction of the crime of extortion through computer crimes and new aggravating circumstances for scams committed remotely. A new "repentance" clause provides mitigation for hackers who cooperate to limit the damage and help the authorities. The law also extends the wiretaps provided for organized crime to cyber crimes, under the coordination of the national anti-mafia and anti-terrorism prosecutor. During inspections of judicial offices, compliance with the security regulations in the databases used will be verified. Finally, those who have held senior national security roles will face restrictions on new positions for a period of three years after the termination of their mandate, to prevent possible conflicts of interest.


05/20/2024 07:28

Editorial AI
