Cybersecurity for the Telecommunications Sector

Telecom operators, ISPs and communication service providers. 100-10000 employees.

Applicable Regulations

GDPR

19 guides

EU Regulation 2016/679

Personal data protection in the European Union

Penalties: Up to €20M or 4% of annual global turnover
Authority: Data Protection Authority (Garante per la Protezione dei Dati Personali)

NIS2

19 guides

EU Directive 2022/2555 - Legislative Decree 138/2024

Network and information security for essential and important entities

Penalties: Up to €10M or 2% of annual turnover
Authority: ACN - National Cybersecurity Agency
Deadline: October 17, 2024

DORA

18 guides

EU Regulation 2022/2554

Digital operational resilience for the financial sector

Penalties: Up to €10M or 5% of annual turnover
Authority: EBA, ESMA, EIOPA (ESAs) - Bank of Italy in Italy
Deadline: January 17, 2025

ISO 27001

17 guides

ISO/IEC 27001:2022 - International standard

Information Security Management System (ISMS)

Penalties: N/A (voluntary standard)
Authority: Accredited certification bodies (Accredia in Italy)

PCI-DSS

17 guides

PCI-DSS v4.0 (effective March 31, 2024)

Security standard for entities that handle, process, or transmit payment card data

Penalties: Fines from card networks (Visa, Mastercard) up to $500K/month + revocation
Authority: PCI Security Standards Council

PSNC

16 guides

Law 133/2019 - Decree-Law 105/2019

Protection of national critical infrastructure

Penalties: Criminal and administrative penalties up to €150K
Authority: ACN - National Cybersecurity Agency

Circolare 285

16 guides

Circular No. 285 of December 17, 2013 (continuously updated)

Prudential supervisory provisions for banks (Title IV, Ch. 4-5)

Penalties: Administrative penalties + formal reprimands from Bank of Italy
Authority: Bank of Italy

IVASS 38

16 guides

IVASS Regulation No. 38 of July 3, 2018

Corporate governance system for insurance undertakings

Penalties: Administrative penalties from IVASS
Authority: IVASS - Institute for the Supervision of Insurance

eIDAS

16 guides

EU Regulation 910/2014 + EU Regulation 2024/1183 (eIDAS 2.0)

Digital identity and qualified trust services (digital signature, certified email, time stamp)

Penalties: Up to €5M or 2% of annual turnover
Authority: AgID - Agency for Digital Italy
Deadline: May 20, 2026

CAD

16 guides

Legislative Decree 82/2005 (and subsequent amendments)

Digitalization of Public Administration

Penalties: Managerial liability + administrative penalties
Authority: AgID - Agency for Digital Italy

AgID

16 guides

AgID Circular No. 2/2017 + subsequent Guidelines

Minimum ICT security measures for Public Administrations

Penalties: Managerial liability + administrative penalties
Authority: AgID - Agency for Digital Italy

AI Act

20 guides

EU Regulation 2024/1689

Regulation of artificial intelligence systems in the EU with a risk-based approach. Phased application: prohibited practices from Feb 2, 2025, GPAI obligations from Aug 2, 2025, high-risk systems from Aug 2, 2026

Penalties: Up to €35M or 7% of turnover (prohibited practices); €15M or 3% (other obligations); €7.5M or 1% (inaccurate information). SMEs: proportionate caps
Authority: AI Office (EU Commission) + AgID (Italy)
Deadline: August 2, 2026

Discover Your Compliance Level for Telecommunications

Check in just a few minutes which regulations apply to your telecommunications business and the priority actions to become compliant.
