Cybernetic National Security Perimeter Law tightens the FDI screening regime

21 Nov 2019

On 21 November 2019, the Law No. 133/2019 entered into force in Italy. Its aim is to "ensure a high level of security of networks, information systems and IT services of public administrations, national bodies and operators, public and private" and thus the 'National Cyber Security Perimeter' is established. Within 4 months, the Italian government should create a list of entities and companies subject to security-related obligations.

Simultaneously, the new law amends once again the existing FDI screening regime in Italy. It broadens the scope of information that needs to be disclosed by foreign investors and extends the time-frame of screening procedures from 15 to 45 days. It also adds a new screening condition, against which foreign contracts and acquisitions are evaluated. Now, also the vulnerabilities that could compromise integrity and security of networks and data passing through these networks should be taken into account. While assessing a foreign acquisition, the new amendment requires to evaluate, whether 1) the buyer is directly or indirectly controlled by a public administration, including state bodies or armed forces, of a country not belonging to the European Union, including through the ownership structure or substantial financing; 2) the buyer has already been involved in activities that affect security or public order in a Member State of the European Union; and 3) there is a serious risk that the buyer undertakes illegal or criminal activities.

Finally, the Law No. 133/2019 envisages sanctions for completing a foreign acquisition or contract without authorization. Anyone involved may be subject to an administrative fine of up to 150 per cent of the value of a transaction, but not less than 25 % of the value. This is in parallel to the obligation to restore, on its own expenses, the situation before the execution of a transaction.