Cybersecurity: the Montecitorio Chamber approves the bill, here are the measures


Montecitorio Chamber Greenlights Cybersecurity Bill: Key Measures Unveiled”

Following a vote of 149 in favor, eight against, and 109 abstentions, the Montecitorio Chamber has approved a significant cybersecurity bill. Now, the bill heads to the Palazzo Madama Assembly for further examination.

This government initiative, spearheaded by Prime Minister Giorgia Meloni and Minister of Justice Carlo Nordio, aims to fortify national cybersecurity and combat computer crimes. Initially comprising 18 articles, the bill expanded to 23 after scrutiny by the joint Constitutional Affairs and Justice commissions.

The bill is crafted to enhance protection and response capabilities in the face of cyber emergencies, aligning with current geopolitical realities. Its primary focus is to strengthen national security for public administrations, businesses, and citizens, given the rising threat posed by potentially hostile technologies. Centralized governance of security aspects and provisions for preventing and combating cybercrimes are key components.

One significant aspect is the reinforcement of the National Cybersecurity Agency (ACN) and its collaboration with judicial authorities during cyberattacks. Moreover, cybersecurity is a pivotal intervention outlined in the National Recovery and Resilience Plan for the digital transformation of public administration and the country’s digitalization.

Among the bill’s measures, entities are obligated to report incidents affecting networks, information systems, and IT platforms managed by designated entities. Notification must be prompt, within 24 hours of awareness, followed by comprehensive disclosure within 72 hours. Public administrations, public and private entities, and operators performing institutional or essential functions for the State are subject to heightened notification obligations.

Furthermore, the bill introduces rules for operational coordination of information services for security and the National Cybersecurity Agency. It also establishes a cybersecurity contact point within public administrations.

Additionally, measures are proposed to verify compliance with encryption guidelines and the conservation of passwords. The bill also promotes the use of cryptography as a cyber defense tool and establishes the National Cryptography Center.

The bill extends to public contracts, incorporating cybersecurity criteria for IT goods and services. Amendments to the Criminal Code are introduced to address cyber offenses, including unauthorized access, data tampering, and extortion through cyber means.

Wiretapping regulations are expanded to cover cybercrimes, under the coordination of the National Anti-Mafia and Anti-Terrorism Prosecutor. Moreover, the bill regulates relationships between the National Cybersecurity Agency, the National Anti-Mafia and Anti-Terrorism Prosecutor, and the Judicial Police.

An amendment permits Ministry of Justice inspectors to conduct database checks. Additionally, the government expressed support for a bill mandating the introduction of an organic regulation of the Trojan tool.