The Consortium provided a written memorandum as part of the parliamentary examination of the transposition scheme of the NIS2 directive
The Italia Cloud Consortium, an organization that brings together Italian companies active in the Cloud computing supply chain, has sent a written contribution to Commissions I and IX of the Chamber of Deputies as part of the examination of the transposition of the NIS2 directive to ensure a high common level of cybersecurity in the Union.
The Consortium's contribution has been received and is currently published on the website of the Chamber of Deputies.
The Italia Cloud Consortium aims to develop the national offer and skills already present in private operators and public administration to support the digitalisation and adoption of cloud technologies in private entities and the public sector.
In the document provided to the parliamentary commissions, the Consortium analyzed the current risk scenarios that require a high level of cyber security within the European Union. Due to recent geopolitical tensions, it is clearly emerging that the cyber threat and the number of attacks in the various production sectors and public bodies are significantly increasing, including in Italy. The Consortium believes that, in the short term, the risk of entrusting national strategic data to foreign technology providers in the cloud computing sector should be better weighed.
“Given the innovations introduced by the European regulation of the NIS2 directive – he underlines Michele Zunino, President of the Italia Cloud Consortium and CEO of Netalia – an internal policy strategy for the diversification of the cloud solutions on which the services of our public administration rely should be further considered, in order to reduce, to the point of eliminating, the dependence on non-European technological solutions".
In the document, the Consortium proceeds to indicate that the continuing context of conflict between states is showing the high risk of relying on a few critical foreign suppliers in a globalized economy. For this reason, operators today oppose exclusive agreements with a single supplier and the Italia Cloud Consortium suggests reducing dependence on non-European products or services, in order to develop an internal knowledge economy capable of strengthening cybersecurity rules.
Then entering into the merits of the impact analysis of the art. 26 on Jurisdiction and Territoriality of entities that fall within the scope of application of the NIS2 directive, the Consortium underlines the importance of paying greater attention to the issue of the provision of cloud computing services in Italy by a subject considered under the jurisdiction of another Member State or whose information and network systems are located on the territory of other Member States, but whose services are available on the Italian national territory.
The critical issues that could emerge are various since the Directive limits itself to providing for coordination between the relevant European Authorities which maintain supervisory powers at local level. The risk indicated by the Consortium is that the case known as "forum shopping" could occur, i.e the choice of the head office by the operator on the basis of opportunistic reasons in order to guarantee a more advantageous jurisdiction.
"When a country like Italy entrusts critical data to foreign operators outside Europe - continues Michele Zunino, even if they are in partnership with local operators but with their permanent headquarters in another Member State, it will be necessary to evaluate from the beginning that they could lose control. Forever."
To improve cyber defense and technological dependence on foreign products and services, the Consortium believes the valorization of Italian companies active in the cloud and cybersecurity is essential. The creation of a "national champion" in cybersecurity or of a few entities that can excel at various levels with other European operators is not considered appropriate. The Consortium believes it is appropriate to maintain and develop a fair industrial ecosystem distributed throughout the national territory, not only through the creation of startups, but by growing existing SMEs which already offer advanced technological services in the cloud and cybersecurity fields, including regional in-houses which have always been the territorial reference for citizens who benefit from innovative public services.
