The decree, signed by Undersecretary Alfredo Mantovano, who oversees intelligence matters, updates the regulation on IT goods and services used “in a context related to the protection of national strategic interests and national security.”
Why it matters: Published in the Official Gazette (No. 243, October 18, 2025), following the decree signed on October 2, the measure implements Law 90/2024, Italy’s key cybersecurity reform.
- It introduces new procurement rules for public entities: in sensitive sectors, suppliers and technologies from EU and NATO countries, or from third countries that are part of cooperation agreements with the EU or NATO on cybersecurity, classified information protection, research, and innovation, will be given preferential treatment.
- The decree also updates the Common Procurement Vocabulary (CPV) codes to align public tenders with the new cybersecurity standards.
Between the Lines: It’s a crucial step toward a trusted and allied supply chain, designed to reduce dependence on potentially hostile suppliers – read: China.
- The new provisions extend reward criteria to 4G and 5G mobile services and systems, making them mandatory for all administrations represented in the Interministerial Committee for the Security of the Republic (CISR) and for entities within the National Cybersecurity Perimeter (PSNC).
Decoding the news: The measure, proposed by the National Cybersecurity Agency (ACN), reflects the changing geopolitical landscape and technological evolution.It marks a shift from technical defense to digital sovereignty as a strategic component of national security, aligned with Italy’s Euro-Atlantic posture.
The other pillar: the cyber army. The decree fits into a broader strategy combining the regulatory and operational dimensions.Just days earlier, Defense Minister Guido Crosetto announced the creation of a “cyber army” of 1,500 personnel, tasked with protecting infrastructure and institutions from cyberattacks.Integrated into the Armed Forces, it represents the operational counterpart of the same logic of digital sovereignty expressed in the DPCM.
- On one hand, the government strengthens procurement standards and allied cooperation; on the other, the Defense Ministry builds an autonomous capacity to respond to hybrid threats.
- Together, the two initiatives define cyberspace as the new frontier of national security, alongside land, sea, and air.
Between “Buy American” and “Buy European”. While Donald Trump’s United States doubles down on “Buy American” and the European Commission promotes “Buy European” under the Readiness 2030 plan, Rome is charting a third path: “Buy Transatlantic.”
- Fully aligned with that approach, the new DPCM introduces reward criteria for cyber-secure technologies from EU, NATO, or partner countries such as Japan, Israel, South Korea, Australia, and Switzerland.
- It’s a political choice based on mutual trust, anchoring Italy’s digital security to the transatlantic ecosystem.
In short:
- What changes: 4G and 5G systems, along with their future evolutions, are now part of the technological categories subject to cybersecurity requirements and CPV updates.
- Who decides: The Prime Minister’s Office, based on ACN proposals and CISR input, can update the list of partners and protected technologies.
- Why now: Cybersecurity is becoming a cornerstone of Italy’s national sovereignty and transatlantic alignment, expanding the scope of the National Cybersecurity Perimeter (PSNC).
