Italy Bolsters Digital Defenses for 4G and 5G Networks with New Decree

New Decree Enhances Mobile Network Security

The Italian government has enacted a new decree on October 21, 2025, to reinforce the cybersecurity framework for 4G and 5G mobile services. This legislative action, published in the Official Gazette on October 18, 2025, is a critical step in protecting Italy's national strategic interests and security in the digital domain. The decree was signed by Undersecretary Alfredo Mantovano, who is responsible for intelligence matters, and was proposed by the National Cybersecurity Agency (ACN).

Strategic Objectives and Scope

The primary objective of the new regulation is to include 4G and 5G mobile services and systems, encompassing both stand-alone and non-stand-alone configurations, within the categories of IT goods and services subject to stringent cybersecurity requirements. This expansion is part of a broader strategy to enhance Italy's digital sovereignty and reduce dependence on suppliers from countries that could pose a security risk. The measure is designed to align Italy's digital infrastructure with its Euro-Atlantic posture, reflecting evolving geopolitical and technological landscapes.

Key Provisions and Procurement Rules

The decree introduces several significant provisions aimed at bolstering the security of critical digital infrastructure:

• Updated Regulations: It updates existing regulations concerning IT goods and services utilized in contexts vital to national strategic interests and security.
• Preferential Treatment: New procurement rules will grant preferential treatment to suppliers and technologies originating from EU and NATO countries, or from third countries that have established cooperation agreements with the EU or NATO on cybersecurity, classified information protection, research, and innovation.
• CPV Code Alignment: The decree also updates the Common Procurement Vocabulary (CPV) codes to ensure public tenders adhere to the new cybersecurity standards.
• Mandatory Criteria: The enhanced cybersecurity criteria for 4G and 5G mobile services are now mandatory for all administrations represented in the Interministerial Committee for the Security of the Republic (CISR) and for entities operating within the National Cybersecurity Perimeter (PSNC).

Context within Italy's Cybersecurity Framework

This latest decree is an implementation of Law 90/2024, which represents Italy's overarching cybersecurity reform. It also serves to transpose the NIS2 Directive (Directive (EU) 2022/2555) into Italian law, a directive aimed at establishing a high level of cybersecurity across the European Union. Italy has been progressively strengthening its cybersecurity legislation, building upon previous measures such as Decree-Law 105/2019, known as the National Cybersecurity Perimeter Law, and the 'Golden Power' legislation, which grants the government special powers to intervene in strategic sectors, including those involving 5G technology.