Market Intelligence
Cybersecurity Cloud Computing Software Italy

Italy: Cyber Security and Government Procurement

Cyber security is a key priority for the Italian Government.  In November 2019, the Italian Government passed the National Cyber Security Perimeter law (Law 133/2019) which aims to ensure a high level of security for IT networks and services utilized by government agencies, public administration (PA), State-owned entities and those private companies that exercise an essential function of the State or provide services that are fundamental for the country’s interests, including national security.

The Italian Government recently established a new cyber security agency with oversight of the national cloud technology project (often referred to as the National Strategic Pole) outlined in Italy’s Recovery Plan to secure PA data storage.  Some 1.1 billion USD has been allocated for the project and the tender is expected to be released in early 2022, under the purview of Difesa Servizi S.p.A., the Ministry of Defense (MoD) - controlled company that currently certifies MoD suppliers.  Details on the project can be found in the Italian Government’s 3-year IT plan.  Further PA investments are expected for the protection of digital identity and critical infrastructures.  In 2020, the Italian cloud market grew by 21 percent, led by mobile and cloud security, for a total market value of over 3.8 billion USD.

The new cyber agency will oversee the certification of cloud computing services for use by the PA.  The administrative procedure for the validation or certification of services for the Italian PA is the responsibility of the Agency for Digital Italy (AGID).  Services include solutions that fall within the Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) categories.  All certified services are listed on AGID’s cloud marketplace:  https://catalogocloud.agid.gov.it/ (Italian only.)

All firms including foreign may register on the eProcurement Platform https://www.acquistinretepa.it to begin the qualification process of any product or service and proceed to operate on the Electronic Marketplace of the Public Administration (MePA).  In-country legal representatives of U.S. companies may also register.  U.S. companies offering cloud computing services will go through the procedure described above to be “certified”.  A helpful MePA guide in English provide details regarding the qualification process: https://www.acquistinretepa.it/opencms/export/sites/acquistinrete/documenti/airpa/guide/guide_impresa/Qualification_of_a_supplier_to_the_Electronic_Marketplace_MePA.pdf   Check on the status of requests for qualification by sending an email to qualificazioni-cloud@agid.gov.it. U.S. companies should ensure they meet all requirements such as legal entity or legal representative entrusted with the power to act on behalf of the economic operator.  Other important requirements include the use of a digital signature and certified email (PEC).

For more information about the cyber security market in Italy, please contact Maria.Calabria@trade.gov