new Cybersecurity Rules Favor Specific Nations in Italian Tech Procurement
New guidelines enacted on November 3rd by Italy‘s National Cybersecurity Agency introduce a points-based system in public procurement for strategically important digital technologies.This system awards companies utilizing cyber defense systems originating from a select group of nations an advantage of eight points in tender evaluations.
The favored countries include those within Italy, the European Union, and NATO, alongside Japan, Australia, South Korea, New Zealand, Switzerland, and Israel. Israel’s inclusion is notable as the only non-NATO, non-EU nation on the list, reflecting its established and dominant role in the surveillance and digital security industry.
The “reward” applies to critical technologies like firewalls, intrusion detection systems, cloud security, and network monitoring. Companies must demonstrate the origin of their components thru detailed Bills of Materials (BOMs or SBOMs), with compliance resulting in the automatic awarding of the eight points – a binary pass/fail system.
This policy has meaningful implications,particularly for the rollout of 4G and 5G networks,where the bonus system is mandatory for national security-related administrations. This elevates procurement beyond purely economic or technical considerations, introducing a clear element of geopolitical alignment. While framed as ensuring supply chain security, the guidelines effectively channel public funds towards suppliers already aligned with existing intelligence and defense partnerships.
Israel’s position as a strategic supplier is central to this shift. The inclusion acknowledges a pre-existing, robust relationship with Israeli companies specializing in network monitoring, behavioral analysis, and surveillance technologies. Israel’s cyber-military ecosystem, fueled by Unit 8200, effectively bridges the gap between defense, security, and the commercial market.
The new rules incentivize Italian companies to integrate technologies from these approved nations – including Tel Aviv – to remain competitive in public tenders. This effectively imports not only the technology itself, but also the underlying surveillance and control models.
The government defends the policy as a necessary measure to protect against hostile actors like China and India, and to mitigate the risks of supply chain fragmentation. However, critics argue the policy treats cybersecurity as an extension of foreign policy, defining “reliable” based on diplomatic and military alignment rather than purely technical merit.
Ultimately, this approach will likely lead to a greater reliance on technologies developed within a security-focused, and often conflict-driven, industrial context, reshaping Italy’s cybersecurity landscape and perhaps limiting the growth of self-reliant domestic capabilities.