The Italian Parliament is debating a bill that could radically change the way companies and public bodies respond to ransomware attacks. The initiative, sponsored by MP Matteo Mauri, seeks to prohibit ransom payments in cases of cyber extortion, imposing administrative sanctions on those who violate this provision.

❌ Goodbye to ransomware: A firm approach to cybercrime
The legislative text establishes that both public and private entities included in the National Cyber Security Perimeter (such as banks, transportation companies, or those in the energy sector) will not be able to pay ransoms if their systems are compromised by ransomware. This measure is justified by the need to economically discourage cybercrime and protect the country’s critical infrastructure.
In exceptional situations that pose a risk to national security, the Prime Minister may authorize exceptions, along with the deployment of intelligence tools.

🧑💼 Negotiators under the legal microscope
The law also focuses on the role of cyber negotiators, who until now acted as intermediaries between affected companies and hacker groups. Under this new legislation, their activities could be construed as complicity in cyber extortion, representing a radical shift in the legal approach to these practices.
Ivano Gabrielli, director of the Italian Postal Police, warned that “companies, under pressure to restore their operations, end up paying high sums, often with the help of intermediaries who are also legally accountable.”
📣 Mandatory notification and more power for authorities
Another proposed measure includes making it mandatory to notify CSIRT Italy (the agency responsible for responding to cybersecurity incidents) within six hours of detecting an attack. Failure to do so will result in proportional sanctions.
It also expands the ability of law enforcement to operate covertly on foreign networks when they have been used to commit cybercrimes.

🧠 Digital education and support for victims
Beyond legal tightening, the project includes a strong educational component. The Ministry of Education, in collaboration with the National Cybersecurity Agency (ACN), is expected to implement ongoing digital training programs in schools. In addition, the ACN will lead a technical and operational support plan for victims, especially small and medium-sized enterprises (SMEs) and the public administration.
In addition, a National Compensation Fund will be created to assist organizations that have met their legal obligations and still suffered significant financial losses following a cyberattack.
🕵️♂️ The double face of ransomware
Beyond the economic benefit, ransomware also represents a geopolitical threat. According to Italian intelligence services, some attacks have a dual purpose: serving both criminal networks and state interests in espionage, influence, or digital sabotage operations.
🔚 Conclusion
The Italian legislative proposal represents a paradigm shift in the fight against cyber-extortion. By prohibiting ransom payments and regulating the role of negotiators, Italy sends a clear message: cybercrime should not be profitable. At the same time, it promotes digital education and strengthens cooperation between institutions to protect victims.
If passed, this law could become a model for other countries seeking to balance immediate response to a cyberattack with a long-term strategy to eradicate these types of threats.
