A legal perspective on cybersecurity between European and national interventions

Cybersecurity is a complex and multifaceted field that spans multiple sectors and disciplines, from technical domains to legal, governance and social aspects. With the emergence of new technologies, such as IoT and artificial intelligence, the challenges surrounding cybersecurity are becoming increasingly complex. This thesis examines the European and Italian regulatory frameworks for cybersecurity, focusing on how evolving European Union policies and regulations have shaped interventions at the national level. Through a historical and reconstructive approach, the research outlines the evolution of key European cybersecurity policies, highlighting the increasing complexity and fragmentation caused by overlapping regulations. The study is divided into four main chapters. The first two examine the European framework, beginning with an analysis of EU cybersecurity policy and then presenting European legislative interventions in chronological order. These chapters categorise various regulatory initiatives and assess their impact on national legislation. The third chapter focuses on the Italian cybersecurity infrastructure, mapping its evolution. The final chapter addresses a grey area in the regulatory framework concerning constitutional bodies, using interviews to investigate the impact of national cybersecurity regulations on these institutions. This research, conducted in collaboration with the ERACLITO project, contributes to the academic debate on cybersecurity regulation by mapping compliance requirements at both European and national levels. The appendices provide additional technical details, including a functional standard for security requirements within the ERACLITO project, ensuring that the technical content does not overwhelm the core analysis.