Italy published an enhanced iteration of its National Framework for Cybersecurity and Data Protection that, while described as national, closely follows the U.S. National Institute of Standards and Technology’s Cybersecurity Framework 2.0. This reflects and diverges from EU regulatory ambitions under the Network and Information Systems Directive 2. Data protection professionals must closely watch this emerging convergence of cybersecurity management and data protection obligations. Italy’s updated framework goes a step beyond the strategy plan initially outlined in 2015, followed by a 2019 adaptation to encompass obligations introduced by the GDPR. This new edition has been designed as an operational reference framework to help public and private organizations – regardless of size – organize and govern cybersecurity and data protection activities in a logical and scalable way.
