The National Cybersecurity Agency (Agenzia per la Cybersicurezza Nazionale, ACN) of Italy has released comprehensive guidelines for entities required to perform a registration under the NIS 2 Directive.
These provisions, focusing on digital registration through the ACN portal, outline critical steps for organizations to ensure compliance with Italy's cybersecurity regulations. The directive mandates that all NIS entities submit essential information via the ACN platform to strengthen cybersecurity resilience across key sectors. This article provides an in-depth guide to navigating the registration process and its implications for businesses.
Key Aspects of NIS 2 Registration in Italy on the ACN Portal
1. The Role of the ACN Portal in NIS Compliance
The ACN portal is central to achieving compliance with the NIS 2 Directive in Italy. Entities must register their details digitally, following the procedures outlined in the ACN determination. The platform simplifies interactions between organizations and the ACN by providing tools for:
- Authentication and Census: Verifying user credentials via Italy’s Public Digital Identity System (SPID) or alternative credentials.
- Entity Registration: Submitting accurate data, including sectoral activity, financial metrics, and compliance details.
- Point of Contact Designation: Assigning an individual responsible for liaising with the ACN.
2. Registration Requirements and Deadlines
Entities classified under NIS 2 must complete their registration process by February 28, 2025, as specified in the ACN guidelines. The process includes:
- Declaring organizational details, such as group affiliations and compliance categories.
- Appointing a Point of Contact to oversee all regulatory communications.
- Providing documentation, including sector-specific compliance details and financial figures, to confirm their status as NIS entities.
Failure to comply with registration requirements can result in fines and restrictions on operations, as per the Italian NIS decree.
3. Who Needs to Register?
The directive applies to a broad range of public and private entities operating in critical sectors, such as:
- Energy
- Transport
- Financial services
- Digital infrastructure, including providers of cloud services, which might potentially include any SaaS provider.
Non-EU entities providing services in Italy must also appoint a local EU Representative and complete their registration on the ACN portal. The one-stop-shop rule applies to entities operating in multiple EU countries.
4. Ensuring Accurate Registration
The ACN determination emphasizes the need for precision in registration data. Entities are required to:
- Regularly update their information via the ACN portal.
- Validate all submitted data to avoid compliance issues.
- Address discrepancies identified during ACN's routine checks.
5. Accountability and Governance
Responsibility for compliance lies with the organization's administrative and management bodies. These leaders must oversee the entire registration process and ensure alignment with the NIS 2 framework. Indeed, NIS 2 provides for direct personal liability of companies' top management for compliance with its terms.
Preparing for NIS 2 Registration in Italy
Many of our clients are at the stage where they need to assess whether they are within the scope of the NIS 2 Directive and therefore need to proceed with the registration. ACN might provide informal guidelines, but the potential fines for lack of registration make this decision quite critical.
We will discuss the above and NIS 2 obligations during an event that will take place at the Milan office of DLA Piper on December 3, 2024. You can register HERE.
On the obligations arising under the NIS 2 Directive, you can read this article: “NIS 2 Directive Implemented in Italy: What You Need to Know”.