Digital Economy

The government’s digital infrastructure is proving to be too vulnerable: in the telecoms and public sector

Telecoms operators have the advantage of a widespread presence, proprietary infrastructure, compliance with EU regulations and experience. But the gap with the American hyperscalers remains enormous

(Adobe Stock)

4' min read

Translated by AI
Versione italiana

4' min read

Translated by AI
Versione italiana

The cyberattack that struck the systems of several Italian public administrations in early May has brought an issue that can no longer be put off back to the forefront of the debate: just how vulnerable is the state’s digital infrastructure? And who can guarantee the security, continuity and control of citizens’ data in an increasingly uncertain geopolitical context?

The figures paint a grim picture. According to the International Trade Administration, Italia ranks fourth in the world and first in Europe in terms of the number of cyber-attacks suffered, accounting for 10 per cent of global attacks recorded in 2024.

Loading...

The frequency of incidents has risen by 27 per cent in a year, from 2,779 to 3,541 incidents, with increasingly serious consequences. And whilst large companies are investing in advanced security measures, over 50 per cent of SMEs remain ill-prepared to deal with growing threats. Only 1% of Italian organisations are considered mature in terms of cyber security and cyber readiness.

Against this backdrop, the response that is taking shape centres on an alliance between public administrations and national telecoms operators. This is not a random choice, but rather the realisation that telecoms companies possess structural characteristics that are difficult for the major American hyperscalers to replicate: a widespread presence across the country, proprietary network infrastructure, experience in managing critical services and full compliance with European jurisdiction.

The issue goes beyond the mere localisation of data. When it comes to public services – from the civil register to healthcare, from the justice system to the tax authorities – requirements come into play that affect national security, citizens’ privacy and the continuity of the State’s operations. ‘The digital systems we manage in the public sector are no longer merely technical tools: they constitute critical infrastructure,’ observed Dirk Schrödter, Minister for Digitalisation in Schleswig-Holstein, in a recent interview. ‘ “If we lose control of our IT infrastructure, we risk losing our capacity for political and administrative action.” This is a consideration that applies to Germany, but also – and even more so – to Italia, where the fragmentation of systems within the public administration amplifies vulnerabilities.

In Italia, the national cloud strategy and the National Strategic Hub represent an attempt to address these needs. The national cloud project, launched in 2022 by a consortium comprising TIM, Leonardo, Cassa Depositi e Prestiti and Sogei, aims to migrate 75 per cent of the public administration to secure cloud services, with a total investment of 2.5 billion euros.

The aim is to ensure that sensitive government data remains under national control, protected from extraterritorial requests such as those provided for under the US Cloud Act.

However, implementation is proceeding slowly, and recent attacks have highlighted vulnerabilities ranging from the fragmentation of systems to a shortage of specialist skills. The National Cybersecurity Agency has allocated significant resources – 2.2 billion euros for the national strategy, bringing together the private sector and the public administration – but the transition requires time and a widespread change in mindset.

European telecoms companies are seeking to establish a presence in this sector with increasing determination. According to an analysis by STL Partners, operators such as Deutsche Telekom, Orange and Telefónica have launched specific ‘sovereign cloud’ offerings, often in partnership with European technology providers or through agreements that guarantee local control over data even when using US hyperscaler technologies.

“Telecoms companies have every right to be part of this game,” emphasises Marina Koytcheva, research director at Stl Partners. “They are national champions, highly regulated operators; they already manage critical infrastructure and enjoy the trust of the public.”

In Italia, this trend is reflected in the strategic moves of recent months. TIM has entered into a partnership with Microsoft to accelerate the country’s digital transformation, combining cloud computing, cybersecurity and artificial intelligence with the aim of bringing innovation to the public sector whilst keeping control of data within the country.

At the same time, Poste Italiane’s bid to acquire the telecoms operator could give rise to a group with revenues of 27 billion, occupying a central position in the provision of digital services to the State.

“Poste Italiane’s bid for TIM reflects a broader European drive to strengthen digital sovereignty by keeping critical network infrastructure under government control,” noted Diana Gorelik, a senior analyst at Omdia. This could lead to the creation of “state-led national champions, designed to safeguard strategic assets and ensure long-term investment and security”.

But there are clear limitations. The scale gap with the American giants remains enormous: in the first quarter of 2026, the combined revenues of AWS, Google Cloud and Microsoft Intelligent Cloud reached $92 billion. Competing in advanced technologies such as generative AI requires massive investment that European telecoms, historically focused on connectivity, struggle to sustain on their own. This is why partnerships with global technology players are essential to bridge the gap without relinquishing control over data.

A crucial aspect concerns the chain of custody. The European Data Act imposes portability and interoperability requirements on cloud services as well. However, as several analysts have pointed out, technical portability does not automatically equate to operational sovereignty: if the data is physically located in Europe but the encryption keys, management tools and operational expertise remain in the hands of a non-European provider, effective control remains limited.

For Italian telecoms companies, the opportunity is very real but requires a change of pace. Their extensive nationwide presence, their management of fixed and mobile networks – which already constitute critical infrastructure – and their familiarity with European regulatory requirements are valuable assets. However, competing in the cloud and AI sectors means developing skills that have historically not been part of the telecoms core business, investing in next-generation data centres and building ecosystems of credible partners.

The attack in May demonstrated that the fragility of the Italian public administration is not merely a question of technology, but of governance, expertise and strategic vision. Telecoms companies can be part of the solution, provided they do not confine themselves to the role of connectivity providers but position themselves as systemic partners in the digital transformation of the state.

Copyright reserved ©
Loading...

Brand connect

Loading...

Newsletter

Notizie e approfondimenti sugli avvenimenti politici, economici e finanziari.

Iscriviti