Also envisaged is the power to limit the scope of action of specific companies in the sector 5G and also the veto on the adoption of acts or operations of non-EU subjects intending to acquire national companies of critical infrastructures, data and financial management. In short, there are no explicit references to companies like Huawei and ZTE, but the law now allows action to be taken to deal with any emerging security problem.
Another novelty on the cybersecurity front, as La Repubblica explains, concerns the obligation for public administrations, national bodies and operators – public and private – to protect themselves against any computer threat within the next few months. We obviously talk about the realities that they carry out fundamental activities for the State or provide essential services in civil, social and economic fields. The application will be gradual and initially the 100 most strategic realities will be part of the calculation.
Instead it will be mandatory immediately for all reporting of cyber attack to CSIRT (computer security incident response team) of the Information and Security Department. The latter will coordinate and monitor the monitoring and management processes for any attacks.
The question of the certifications of goods and services still remains that SMEs will be forced to obtain to supply the entities included in the safety perimeter established by the standard. Tax concessions are hypothesized, but at the moment there is no agreement in this regard.