IP, ICT & Data Insights – February 2026
In this edition of the IP, ICT & Data Insights newsletter, Andersen Italy’s European Service Line professionals specialising in Data Protection & Risk Management explore key developments in cybersecurity governance, including the synergy between NIS2 and AI, and risk management in the IT and cyber services supply chain.
Integration between NIS2, AI & GDPR: the opportunity to strengthen corporate compliance
Paola Finetto, our expert for Italy in the field of Data Protection & Cybersecurity, analyzed the importance of the integration between NIS2, AI and GDPR to strengthen corporate compliance. Artificial intelligence (AI) is transforming operational processes and sectors that fall within the scope of the NIS2 Directive (EU Directive 2022/2555). The integration of an organizational and security system that complies with NIS2 requirements, enhanced by AI-based solutions, represents a concrete opportunity to increase business resilience and ensure a high level of cybersecurity. On the one hand, the NIS2 Directive introduces strict obligations in terms of risk management, incident response, business continuity, and cybersecurity governance; on the other hand, the use of AI can enhance an organization’s ability to detect threats in a timely manner and automate response actions.
However, it is essential that these technologies are used in an ethical, responsible manner that complies with personal data protection legislation. Ultimately, conscious integration between NIS2, AI Act, and GDPR allows for the development of privacy-friendly AI solutions that can ensure high security standards while reducing response times to cyberattacks. To achieve a truly integrated compliance system, it is nevertheless necessary to adopt a robust governance strategy and a risk-based approach. This involves assessing the risks associated with the use of specific AI tools and systems, introducing transparent business policies, and promoting targeted cybersecurity training.
Risk management in the IT and cyber services supply chain
Luca Rigotti, our expert in corporate liability and risk management, analyzed the purpose and the importance of risk management for IT and cyber services across the supply chain. Managing risks across the supply chain has become a cornerstone of corporate compliance, as any unethical or negligent behaviour by suppliers or subcontractors can lead to severe legal, reputational, and financial consequences. A third-party risk assessment aims to mitigate these threats. It has also become essential for IT and cyber service providers, which are crucial to the proper functioning of business operations.
Auditing ICT and cybersecurity practices, roles and responsibilities, data subject rights, continuity plans, and security incidents helps build a transparent and reliable supply network. In a historical context where responsibility extends to the entire value chain, the creation of structured and continuous processes for evaluating and monitoring suppliers not only safeguards the business but also becomes a real source of competitive advantage.