Loading...

Guides

How to register for NIS2: a complete guide

The NIS2 Directive (Network and Information Security) is a European regulation aimed at standardizing cyber security across member states. In Italy, it was implemented through the NIS Decree (No. 138/2024) and applies to public entities, private organizations, and certain public administrations, classified as essential or important based on their impact on critical services. The affected organizations are required to register on the NIS2 portal, with non-compliance subject to penalties of up to 0.1% of their global annual revenue.

Network and Information Security

Table of contents

  • What is the NIS2 directive and who does it apply to
  • The NIS2 registration process
  • Deadlines and consequences of non-registration
  • Why registration is essential

The NIS2 directive, which came into effect on October 16, 2024, represents a significant step in strengthening cyber security across Europe. In Italy, the NIS legislative decree, adopted on September 4, 2024, requires public and private entities to register on the platform set up by the National Cyber Security Agency (ACN) by February 28, 2025.

This guide outlines the NIS2 registration process, detailing the necessary steps and available resources to facilitate compliance. 

What is the NIS2 directive and who does it apply to

The NIS2 (Network and Information Security) directive is a European regulatory framework aimed at ensuring a uniform level of cyber security across member states. In Italy, it was transposed through the NIS Decree (no. 138/2024). 

The scope of application is broad, covering both public and private entities, including medium and large enterprises, as well as certain public administrations. These entities are classified as essential or important based on their impact on the supply chain and fundamental services to society. 

Organizations falling under this classification are required to register on the NIS2 registration portal to be included in the list of NIS entities. Failure to register may result in significant penalties, up to 0.1% of the entity’s worldwide annual turnover. 

The NIS2 registration process 

Registration on the ACN platform is governed by Article 7 of the NIS decree, with procedures, deadlines, and processes defined by Determination 38565/2024. The process involves multiple phases and requires thorough preparation. 

Here’s how to proceed: 

Designating a point of contact 

Before beginning NIS2 registration, each organization must designate a point of contact. This person, who may be a delegated employee or the legal representative, will be responsible for completing and managing the data on the platform. 

To proceed, it is required to have the entity’s tax code and for public administrations, the IPA code

Accessing the portal and uploading documents 

From December 1, 2024, the point of contact can log in to the NIS2 registration portal using the SPID (Digital Identity System). During this phase, they must: 

  • Upload a document proving their legal authorization (if applicable);
  • Verify the association with the organization via a link sent to their digital address. 

Completing the declaration 

The NIS declaration, as required by the NIS decree, consists of four sections: 

  • General context;
  • Entity characterization;
  • Types of activities performed; 
  • Self-assessment of the significant impact of the services provided. 

A helpful video tutorial on NIS2 registration is available on the portal, offering step-by-step guidance for completing the process. 

Submission and confirmation 

Once the declaration is completed, the point of contact must accept the liability clauses and submit the form to ACN. A copy will be sent to the entity’s digital address, thus completing the registration process.

Process of registration

Deadlines and consequences of non-registration

The deadline for completing registration is February 28, 2025. After this date, the declarations will be analyzed by ACN to update the list of NIS entities

Results will be communicated by April 2025. Failure to register may result in significant financial penalties that could jeopardize business continuity. 

Why registration is essential

Complying with the NIS2 directive is not just a regulatory requirement but also an opportunity to enhance internal security measures, protecting critical data and infrastructures.

Compliance ensures alignment with European standards, strengthening confidence in the organization. 


Questions and answers 

  1. What is the NIS2 directive? 
    NIS2 is a European regulation aimed at harmonizing cyber security among member states. 
  2. Who must register on the NIS2 portal? 
    Medium and large enterprises, some microenterprises, and public administrations classified as essential or important. 
  3. How do I access the NIS2 portal? 
    The point of contact logs in via SPID on the portal provided by ACN. 
  4. What is required for registration? 
    Tax code, IPA code (for public administrations), and a legal document authorizing the point of contact. 
  5. When does registration close? 
    The deadline is February 28, 2025. 
  6. What are the penalties for non-registration? 
    Penalties can amount to up to 0.1% of the entity’s global annual turnover. 
  7. What is the NIS point of contact? 
    A designated representative responsible for managing the registration and declaration process. 
  8. What documents must be uploaded to the portal? 
    A legal document authorizing the point of contact, if not the legal representative. 
  9. What is the NIS entities list? 
    A national registry of organizations subject to the NIS2 directive. 
  10. Where can I find a tutorial for registration? 
    A video tutorial for NIS2 registration is available on the ACN portal. 
To top