The NIS 2 Decree (Legislative Decree 138/2024), effective October 16, 2024, implements the principles of the European NIS2 Directive, laying the foundation for a more complex operational model of collaboration between stakeholders and the competent authority regarding cyber incident management. This management is essentially more rigorous, structured, and binding, with extended notification obligations and specific deadlines for businesses and public administrations. In fact, to fulfill the obligations set forth in Articles 23, 24, and 25 of the decree, NIS entities are required to adopt security measures and notify CSIRT Italia – the unit established within the ACN to monitor and respond to