Public Administration — ACN-scoped
For the Italian PA in scope of decreto legislativo 138/2024 + ACN supply-chain requirements: on-prem, certified, evidence-backed.
The Italian transposition of NIS2 (decreto legislativo 138 of October 2024) brought thousands of public-administration bodies — central agencies, regions, large municipalities, healthcare authorities — into a regime of personal accountability for cybersecurity adequacy. ACN guidance, combined with AgID requirements and the supply-chain provisions of the Perimetro di Sicurezza Nazionale Cibernetica, creates a procurement environment where SaaS security tooling is increasingly disqualified before evaluation. The 2025 wave of named attacks on Italian regional authorities and healthcare ATS / ASL bodies has made the topic board-level.
What is on the PA CISO's desk
Personal liability under decreto 138/2024
Top management is now personally accountable for "adequate, proportionate, effective" measures. The standard of proof is documentary evidence, not best-effort attestation.
AgID + ACN procurement requirements
Cloud-related procurement for PA requires qualification levels (QC1-QC4) with explicit data-locality and processor-control requirements. Many SaaS security tools cannot satisfy QC3+ for production telemetry.
Perimetro Nazionale Cibernetica supply chain
For PSN-included entities, every ICT product in production must pass the CVCN evaluation. Vendor-cloud dependencies dramatically expand the evaluation surface.
Ransomware against regional administrations
Multiple named Italian regional and ATS incidents through 2025-2026 have demonstrated that the assumption of "we are too small to be targeted" no longer holds for any PA body with funding or citizen data.
How Zero Hunt fits the Italian PA procurement
NIS2 + AgID + Perimetro evidence mapping in one engine
Every detected finding and traffic event is auto-mapped to the controls of NIS2 (decreto 138), AgID circulars, and ISO 27001 where applicable. The Trust Center produces signed bundles that align with both the ACN auditor and the AgID Cloud-Italia accreditation processes.
Continuous validation without the SaaS dependency
The appliance runs entirely on-prem (or in a Cloud-Italia QC3-qualified environment if you genuinely need it). No vendor-cloud touch point on production telemetry. The 10-agent swarm and the AI Gym backtest corpus both live inside the perimeter.
Network-side detection on flat municipal estates
Most PA networks are flatter than the network diagram suggests. The AI Traffic engine catches the in-progress patterns (lateral movement, exfiltration, ransomware staging) that an endpoint-only stack misses on the unmanaged or partially managed segments typical of regional / municipal estates.
Capability emphasis for the PA
- Italian-language Trust Center export aligned with ACN expectations
- No vendor-cloud touch points: Cloud-Italia QC3 / QC4 friendly
- Documented chain-of-custody for personal-liability defensibility under decreto 138
- OT/ICS detection for utility-adjacent PA bodies (regional water, transport)
- Air-gap option for classified or defence-adjacent agencies
Who buys this in the PA
RSPI / CISO sponsoring; Direttore Generale signing because personal liability is now on the line under decreto 138; AgID-qualified procurement office validating against cloud-qualification requirements; consulting partner (system integrator or accredited reseller) on the procurement side. The conversation tends to be channel-led — see the partner program for accredited Italian PA integrators.
Go deeper on the regulations
- Definition · 7 min · Decreto Legislativo 138/2024 — the Italian NIS2 transposition
Decreto Legislativo 138 of 4 September 2024 is the Italian transposition of NIS2 (Directive (EU) 2022/2555). It identifies essential and important entities, defines technical and organisational measures, attaches personal liability to top management, and operationalises ACN as the competent national authority and CSIRT Italia as the national CSIRT.
- Playbook · 8 min · NIS2 Title 13 incident timeline — the practical playbook
A step-by-step operational reference for the NIS2 Title 13 incident reporting cadence: what to do in the first hour, by hour 24, by hour 72, and by month 1. Decision gates, evidence checklists, common failure modes.
Want to see this against your environment?
A 30-minute technical demo runs Zero Hunt against a recorded slice of your stack, scoped to the regulatory regime you operate under.