Notification Detail | TRIS - European Commission

Determination of the Director-General of the National Cybersecurity Agency referred to in Article 31(1) and (2) of Legislative Decree No 138 of 4 September 2024, adopted in accordance with the procedures referred to in Article 40(5)(l), which, [...]

Notification Number:

2025/0433/IT (Italy)

Date received:

08/08/2025

End of Standstill:

11/11/2025

Draft Text:

IT EN

Click here for a printable version of this page

Message

Message 001

Communication from the Commission - TRIS/(2025) 2128

Directive (EU) 2015/1535

Notification: 2025/0433/IT

Notification of a draft text from a Member State

Notification – Notification – Notifzierung – Нотификация – Oznámení – Notifikation – Γνωστοποίηση – Notificación – Teavitamine – Ilmoitus – Obavijest – Bejelentés – Notifica – Pranešimas – Paziņojums – Notifika – Kennisgeving – Zawiadomienie – Notificação – Notificare – Oznámenie – Obvestilo – Anmälan – Fógra a thabhairt

Does not open the delays - N'ouvre pas de délai - Kein Fristbeginn - Не се предвижда период на прекъсване - Nezahajuje prodlení - Fristerne indledes ikke - Καμμία έναρξη προθεσμίας - No abre el plazo - Viivituste perioodi ei avata - Määräaika ei ala tästä - Ne otvara razdoblje kašnjenja - Nem nyitja meg a késéseket - Non fa decorrere la mora - Atidėjimai nepradedami - Atlikšanas laikposms nesākas - Ma jiftaħx il-perijodi ta’ dewmien - Geen termijnbegin - Nie otwiera opóźnień - Não inicia o prazo - Nu deschide perioadele de stagnare - Nezačína oneskorenia - Ne uvaja zamud - Inleder ingen frist - Ní osclaíonn sé na moilleanna

MSG: 20252128.EN

1. MSG 001 IND 2025 0433 IT EN 08-08-2025 IT NOTIF

2. Italy

3A. Ministero delle Imprese e del Made in Italy
Dipartimento Mercato e Tutela
Direzione Generale Consumatori e Mercato
Divisione II. Normativa tecnica - Sicurezza e conformità dei prodotti, qualità prodotti e servizi
00187 Roma - Via Molise, 2

3B. Agenzia per la cybersicurezza nazionale

4. 2025/0433/IT - V00T - TELECOMS

5. Determination of the Director-General of the National Cybersecurity Agency referred to in Article 31(1) and (2) of Legislative Decree No 138 of 4 September 2024, adopted in accordance with the procedures referred to in Article 40(5)(l), which, [...]

6. Information systems and networks of essential and important subjects pursuant to Legislative Decree No 138/2024 (the NIS Decree) transposing Directive (EU) 2022/2555 (the NIS 2 Directive).

7.

8. This draft lays down basic methods and specifications for fulfilling the obligations set out in Articles 23, 24, 25, 29 and 32 of Legislative Decree No 138 of 4 September 2024 (the NIS Directive) transposing Directive (EU) 2022/2555 (the NIS 2 Directive).
Specifically, Article 1 contains the definitions, Article 2 introduces the technical annexes (basic security measures for important and essential entities and basic significant incidents for important and essential entities), Article 3 lays down the terms of adoption in line with the provisions of Article 42(1)(c) of the NIS Directive, Article 4 is dedicated to the obligations regarding the security, stability and resilience of domain name systems, specific to top-level domain name registry operators (TLDs) and domain name registration service providers (registrars and their agents), Article 5 lays down the deadline for the start of the obligation to notify incidents for subjects included in the National Cybersecurity Perimeter, Articles 6 and 7 lay down the transitional regime towards the new NIS system respectively for operators of essential services, identified pursuant to Legislative Decree 65/2018, and for telecommunications operators, identified pursuant to the Decree of the Minister for Economic Development of 12 December 2018.

9. This draft is adopted pursuant to Article 42(1)(c) of Legislative Decree No 138 of 4 September 2024 (the NIS Directive) transposing Directive (EU) 2022/2555 (the NIS2 Directive) and lays down the basic methods and specifications for ensuring the security of network and information systems of NIS entities, understood as the ability of network and information systems to withstand, with a certain level of reliability, events that could compromise the availability, authenticity, integrity or confidentiality of the data stored, transmitted or processed or the services offered by or accessible through these networks and information systems.

10. References to basic texts:

11. No

12.

13. No

14. No

15. No

16.
TBT aspects: No

SPS aspects: No

**********
European Commission
Contact point Directive (EU) 2015/1535
email: grow-dir2015-1535-central@ec.europa.eu

Disclosed messages

message-id	Year	Number	Country	Type	Title	Date received	Is answer to
112660	2025	2129	COMEuropean Commission	003	Receipt of the draft text	08-08-2025
112661	2025	2130	COMEuropean Commission	037	Competitiveness analysis	08-08-2025

Languages

Stakeholders Contributions

The TRIS website makes it easy for you or your organization to share your views on any given notification.

Due the notification’s status or the end of standstill, we are currently not accepting any further contributions for this notification via the website.

No contributions were found for this notification