Italian ACN Updates Base Specifications for NIS2 Compliance: Key Implications for Critical and Digital Service Providers

The Italian National Cybersecurity Agency (ACN) has updated its "base specifications" to align with the European Union's NIS2 directive through determination 379907/2025, adopted during the sixth meeting of the "Tavolo per l’attuazione della disciplina NIS." These updates, effective from January 15, 2026, refine the key obligations of the NIS2 directive for entities subject to its provisions, including critical and digital service providers. While the announcement does not detail specific technical modifications, it signifies a critical step in enhancing cybersecurity measures and reporting requirements for regulated entities. The NIS2 directive expands the scope of the original NIS directive, introducing stricter security and incident reporting obligations. Organizations must prepare for compliance by January 15, 2026, by reviewing and enhancing their cybersecurity frameworks. This update underscores the importance of cyber resilience and proactive security measures in safeguarding critical infrastructure and digital services. Cybersecurity professionals should monitor further guidance from the ACN to fully understand the technical implications and ensure timely compliance.