The contribution examines the obligations of private entities in the field of cybersecurity through a multi-level, top-down approach. It first focuses on the main developments in intergovernmental negotiations on the subject (with special regard to the open-ended working group on security of and in the use of information and communications technologies). While the primary responsibility in this area lies with states, a number of general principles can be derived regarding the obligations of private actors. A stronger focus on private obligations emerges in the EU’s ‘NIS2’ Directive, which has replaced the previous NIS Directive. The instrument draws a complex framework of duties and sanctions for private entities operating in critical sectors. The presentation then examines the Italian domestic framework, which is mainly characterised by the legislation transposing the NIS2 directive and the law establishing the national cybersecurity perimeter. Finally, the discussion turns to how the cybersecurity regulatory framework (covering the entire supply-chain), paired with the confidentiality regime applicable to the designation of entities within the scope of the ‘NIS2’ directive and the national cybersecurity perimeter, may implicate pre-contractual responsibility issues.
Private Obligations in the Field of Cybersecurity / Argentini, Marco. - (2025). ( Regulating Activities in the Cyberspace: International and European Perspectives Bologna 13/02/2025).
Private Obligations in the Field of Cybersecurity
Marco Argentini
2025
Abstract
The contribution examines the obligations of private entities in the field of cybersecurity through a multi-level, top-down approach. It first focuses on the main developments in intergovernmental negotiations on the subject (with special regard to the open-ended working group on security of and in the use of information and communications technologies). While the primary responsibility in this area lies with states, a number of general principles can be derived regarding the obligations of private actors. A stronger focus on private obligations emerges in the EU’s ‘NIS2’ Directive, which has replaced the previous NIS Directive. The instrument draws a complex framework of duties and sanctions for private entities operating in critical sectors. The presentation then examines the Italian domestic framework, which is mainly characterised by the legislation transposing the NIS2 directive and the law establishing the national cybersecurity perimeter. Finally, the discussion turns to how the cybersecurity regulatory framework (covering the entire supply-chain), paired with the confidentiality regime applicable to the designation of entities within the scope of the ‘NIS2’ directive and the national cybersecurity perimeter, may implicate pre-contractual responsibility issues.| File | Dimensione | Formato | |
|---|---|---|---|
|
22. 2025.02.13 UNIBO-ILA-ACN, Regulating Activities in the Cyberspace (13Feb24) (5.pdf
solo utenti autorizzati
Licenza:
Accesso privato/ristretto
Dimensione
182.27 kB
Formato
Adobe PDF
|
182.27 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
