On Feb. 13, 2025, ITA ACN reminded NIS Subject Registration deadline approaches.
Important entities operating in sectors of new NIS regulation, eligible to fall within the scope of application, respect deadline, as failure to register entails financial penalties.
To determine if requirements exist, first step is to complete self-assessment process.
ITA ACN published dedicated section on NIS with all necessary information, guidance in FAQ 3.1 and specific indications for each sector.
There are many types of subjects, many sectors, some of which, for first time, obliged to comply with the safety measures and obligations dictated by the new regulation.
E.g. wastewater and waste management, food, chemicals and manufacturing (section C, divisions 21, 26, 27, 28, 29 and 30, of NACE/ATECO).
In cases where, post self-assessment, potential NIS entity believes it falls within scope it must have information in FAQ 3.5 as necessary for registration; deadline is Feb. 28.
On Jan. 15, ITA ACN provided information for effective implementation.
ITA ACN issued dates, useful information for effective NIS Regulation implementation.
Follows ITA GVT Oct. 2024 issued Legislative Decree on cybersecurity, see #228479.
Overview
NIS2, implemented with DLgs 138/2024, has been in force since Oct. 16, 2024.
ITA ACN coordinates implementation of new reg as Competent National Authority.
To ensure effective implementation, some key milestones are planned; first is registration via services portal of ITA ACN, by public or private organizations that meet specific requirements set out in NIS legislation.
Registration
Registration by Jan. 17, 2025 for those in art 42.1a), including cloud computing providers, data centers, managed services (including security) and online markets.
For all other entities included in the decree scope registration due by Feb. 28, 2025.
Registration is functional to allow ITA ACN to census entities operating in NIS sectors.
As well as to provide them with support in implementation phase of obligations, via articulated monitoring activities and assistance in their shared growth path.
ITA ACN website provides information on sectors and subsectors included in NIS world.
Also includes methods for determining whether organization is essential or important (see in particular FAQ 2.8, 2.9, 2.12 and 2.13).
Other deadlines
ITA ACN will notify all registered entities by mid-Apr. if they have been included in NIS entity list and publish basic obligations re incident notification, cybersecurity measures.
NIS subjects must report incidents from Jan. 2026; complete basic cybersecurity measures by Oct. 2026; early preparation crucial to implementation of the regulation aimed at increasing cybersecurity of NIS entities' networks and information systems.
Feb. 4, 2025 Update
On Feb. 4, 2025, ITA ACN said NIS obligations are coming soon, reminded of deadline.
All NIS subjects, from Dec. 1, 2024 to Feb. 28, 2025, can register at its services portal.
Now less than a month left to fulfill obligation, first in process of gradual, proportionate increase in cybersecurity position of the national production and industrial fabric.
To promote smooth registration process recommends to immediately proceed with the census of contact point and completion of declaration on the services portal.
Dedicated section has information material and collection of FAQ, constantly updated.
In particular, highlights FAQ 3.1, which outlines self-assessment process that potential NIS subjects will have to carry out to determine whether or not they need to register.
Registration deadline for all NIS entities is Feb. 28 and failure to register is subject to fines set out in art 38 paras 10-11 NIS decree, up to a maximum of 0.1% of turnover.
Feb. 13, 2025 Reminder
On Feb. 13, 2025, ITA ACN reminded NIS Subject Registration deadline approaches.
Important entities operating in sectors of new NIS regulation, eligible to fall within the scope of application, respect deadline, as failure to register entails financial penalties.
To determine if requirements exist, first step is to complete self-assessment process.
ITA ACN published dedicated section on NIS with all necessary information, guidance in FAQ 3.1 and specific indications for each sector.
There are many types of subjects, many sectors, some of which, for first time, obliged to comply with the safety measures and obligations dictated by the new regulation.
E.g. wastewater and waste management, food, chemicals and manufacturing (section C, divisions 21, 26, 27, 28, 29 and 30, of NACE/ATECO).
In cases where, post self-assessment, potential NIS entity believes it falls within scope it must have information in FAQ 3.5 as necessary for registration; deadline is Feb. 28.
Regulators
ITA ACN
Entity Types
Corp
Reference
PR 2/13/2025; PR 2/4/2025; FAQ, PR, 1/15/2025; DLgs 138/2024; NIS Dir 2016/1148, NIS 2 Dir 2022/2555
