Italian Cybersecurity Draft Law: between the toughening of the criminal response of the national legislator and the preventive-administrative model of the NIS2 directive

Abstract

This paper aims to shed light on a particular critical aspect raised by the so-called 'DDL Cybersecurity', i.e., the response of the national legislator in the cybersecurity field mainly centred on the tightening of criminal repression in the face of the NIS2 directive model, which, on the contrary, provides a complex framework of instruments for the prevention and management of cybersecurity risk of a more markedly private-administrative nature. One interpretation that can be put forward is that this 'step beyond' of the Italian legislator, pending the transposition of the NIS2 directive, is linked to a more general problem that characterises the regulation of cybersecurity in the Union: depending on whether the legislative initiative is taken respectively by the Member States or by the European Commission, cybersecurity is respectively declined in terms of national security or the functioning of the internal market and cooperation.