TRIESTE – The Ministry of Infrastructure and Transport is updating the framework for maritime cybersecurity with a new circular that strengthens obligations for ships, ports and critical operators.
Through the General Command of the Italian Coast Guard (Harbour Master’s Corps), the MIT has issued the “Navigation Safety” circular (No. 177/2025 of 16 December 2025) to update cybersecurity measures for national ships, ISM management companies and port facility operators, introducing a more modern and more binding framework.
The circular stems from the growing digitalisation of onboard systems and port infrastructure. Connectivity tools, ship–port interfaces and remote access have improved efficiency, but they have also increased exposure to cyber threats. Computer Based Systems, which include IT and OT, are now central to operations and therefore sensitive targets.
The document aligns with the guidance of the International Maritime Organization (IMO) and integrates the European framework set by the NIS2 Directive and Legislative Decree 138/2024. Ports, maritime administrations and critical operators are therefore fully included among the entities essential to national cybersecurity. For shipping companies, masters, port facility operators and the authorities involved, the circular introduces clear obligations. A structured approach to cyber risk management is required, with measures integrated into the Safety Management System and into ships’ security plans, procedures updated, and adequate technical and organisational measures adopted. Central as well is the formalisation of prevention, detection, response and recovery processes in the event of an incident.
A specific chapter concerns training. Crews, the Company Security Officer, the Port Facility Security Officer and IT/OT technicians will have to follow updated qualification paths. Particular attention is devoted to critical systems, from propulsion to steering, from power generation to communications, up to passenger networks, VTS (Vessel Traffic Service) services and port infrastructure, which will have to be subject to periodic, documented assessments.
The circular also looks at emerging technologies. Autonomous systems and ship-to-shore services used in MASS (Maritime Autonomous Surface Ships) operations are mentioned, recognising their spread and the new vulnerabilities they bring. Lastly, the management of cyber incidents is strengthened, in coordination with the reporting obligations to CSIRT Italia (Computer Security Incident Response Team) set out in Legislative Decree 138/2024. «Cybersecurity is now an essential component of maritime safety and the protection of critical infrastructure» have jointly underlined the Coast Guard General Command and the NIS Authority – Transport Sector. Circular No. 177/2025 is published on the Coast Guard website and will fully enter into force from 1 November 2026.
