ISMS Copilot
D.Lgs. 138/2024

D.Lgs. 138/2024 Copilot

Navigate Italy's NIS 2 transposition with clarity and confidence

Start Free TrialSee it in action

What the D.Lgs. 138/2024 Copilot Can Do

Identify whether your organisation falls under Allegato I or Allegato II

Understand the Art. 23 governance and training obligations for management bodies

Map your controls to the ten risk areas listed in Art. 24, comma 2

Navigate the 24-hour, 72-hour, and one-month notification chain under Art. 25

Interpret the Art. 38 penalty thresholds for essential and important entities

Track transitional deadlines set out in Art. 42 for ACN platform registration

About D.Lgs. 138/2024 Copilot

D.Lgs. 138/2024 transposes the EU NIS 2 Directive into Italian law, establishing cybersecurity risk management and incident notification obligations for essential and important entities under the supervision of ACN. The Copilot helps you work through the decree's requirements, from scope and classification to governance duties and enforcement rules.

Who it's for

NIS 2

Parent EU directive — transposed into Italy's national law.

NIS 2 Germany

Sister national transposition of NIS 2.

NIS 2 Belgium

Sister national transposition of NIS 2.

Frequently Asked Questions

What is D.Lgs. 138/2024?

D.Lgs. 138/2024 is the Italian legislative decree that transposes Directive (EU) 2022/2555 (NIS 2) into national law. It entered into force on 16 October 2024 and places cybersecurity risk management, incident notification, and governance obligations on essential and important entities, with ACN as the sole competent authority for supervision and enforcement under Capo V.

How does the D.Lgs. 138/2024 Copilot help?

The Copilot helps you interpret the decree's requirements article by article — for example, understanding how Art. 24's multi-risk approach applies to your sector, or how to structure the notification timeline required by Art. 25 — so your team can make informed decisions and prepare documentation aligned with the relevant provisions.

What is the difference between essential and important entities under the decree?

Art. 6 distinguishes essential entities (soggetti essenziali) from important entities (soggetti importanti) based on sector criticality and size thresholds; essential entities are subject to stricter enforcement and higher administrative penalties under Art. 38, comma 9, lett. a (up to €10,000,000 or 2% of global annual turnover), while important entities face lower maxima under Art. 38, comma 9, lett. b (up to €7,000,000 or 1.4% of global annual turnover).

Ready to streamline your compliance work?

Built for speed, accuracy, and audit-ready output.

Try ISMS Copilot 2.0