Newsalert | Public Law, Regulatory & Authorities; Data Protection and Cybersecurity 06/02/2026

On 17 July 2024, Italy adopted Law no. 90/2024, the Cybersecurity Enhancement Act (CEA), to strengthen the national cybersecurity posture, including by introducing new cybersecurity requirements for the procurement of ICT assets. In 2025, two new implementing decrees - the “Implementing DPCM” and the “Supplementing DPCM”- were adopted, and the Italian National Cybersecurity Agency (ACN) published new guidelines to clarify the practical application of the law.

In the latest newsalert, Chiomenti Professionals analyzed the key elements of the new framework, with specific reference to the premium criteria based on geographic origin, highlighting the core framework of Art. 14 CEA, the Implementing Decrees and the ACN guidelines. Moreover, they have also considered the practical implications for companies after the introduction of the new regime.