ACN's New Determination for NIS Subjects Aligns with NIS 2 Directive

On July 31, 2025, the Italian National Cybersecurity Agency (ACN) published a new determination replacing the previous compliance guidelines for NIS subjects. This update, released at the end of the annual review period, signifies a renewed commitment to cybersecurity compliance and resilience. The new determination aims to strengthen cyber resilience and reduce cyber risks for critical infrastructures, aligning with the EU's NIS 2 Directive. NIS subjects must now comply with these updated requirements to ensure accountability and security. The revised guidelines reflect the expanded scope and heightened security obligations of the NIS 2 Directive. For cybersecurity professionals, this update necessitates a review of existing security frameworks to ensure alignment with the new standards. The focus on cyber resilience highlights the need for enhanced security measures. The broader impact on the cybersecurity landscape includes a renewed emphasis on compliance and security for critical infrastructure operators. Organizations will need to demonstrate adherence to the new requirements. The alignment with the NIS 2 Directive situates these updates within a broader EU-wide initiative to fortify cybersecurity defenses. Cybersecurity professionals should prioritize staying informed about these regulatory changes and ensuring compliance with the new standards. The ACN's new determination reflects the evolving regulatory landscape and the growing importance of cyber resilience in protecting critical infrastructures.