Press release
Deliberate market focus drives solid growth
Deliberate market focus drives solid growth for Grant Thornton
Services
Through Grant Thornton Financial Advisory Services we support the ambitions of dynamic businesses and help them grow
-
Transactional advisory services
Find out more about the transactional advisory services of Grant Thornton Financial Advisory Services
-
Valuations
Find out more about the valuations services of Grant Thornton Financial Advisory Services
-
Mergers and acquisitions
Find out more about the merger and acquisition services of Grant Thornton Financial Advisory Services
-
Forensic and investigation services
Find out more about the forensic and investigation services of Grant Thornton Financial Advisory Services
-
Recovery & reorganisation
Find out more about the Recovery & reorganisation services of Grant Thornton Financial Advisory Services
-
Business risk services
Find out more about the business risk services of Grant Thornton Financial Advisory Services
-
Business consulting
Find out more about the business consulting services of Grant Thornton Financial Advisory Services
-
Capital market
Capital market
We assist businesses in developing tax-planning strategies to optimise the tax burden in compliance with the regulation in force
-
Corporate and business tax
Find out more about our corporate and business tax services.
-
Direct international tax
Find out more about our direct international tax services.
-
Global mobility services
Find out more about our global mobility services.
-
Indirect international tax
Find out more about our indirect international tax services.
-
Transfer pricing
Find out more about our transfer pricing services.
-
Litigation
Our lawyers and accountants can manage all defense measures provided not only by the Italian law, but also by EU regulations and conventions
-
Family business
Find out more about our Family business services.
-
Legal
The client can be assisted in every need and with the same care both on important operations or disputes and on simple matters
Related insights:
Through Grant Thornton Operations we help businesses focus on their core business and improve efficiency
-
Back office outsourcing
Find out more about our Back office outsourcing services
-
Business process outsourcing
Find out more about our business process outsourcing services.
-
Compilation of financial statements
Find out more about our compilation of financial statements services.
-
Tax compliance
Find out more about our tax compliance services.
-
Electronic invoicing
Find out more about our electronic invoicing services
-
Electronic storage
Electronic storage is an archiving procedure that guarantees the legal validity of a digitally stored electronic document
-
Revaluation of corporate assets
Find out your civil and fiscal revaluation of tangible, intangible and financial assets
We provide tailored consulting on labor, HR, welfare, and industrial relations.
-
Payroll
Complete and customized payroll service, integrated with digital solutions and compliant with Italian and international regulations.
-
Labor consultancy
We help Italian and international companies manage all aspects of their workforce.
-
HR & Payroll Advisory Services
We review contracts, payroll, and risks for extraordinary transactions and we assess tax, labor, and safety risks in outsourcing contracts.
-
Extended services
We provide integrated digital tools to simplify HR management.
-
HR Infinity Portal
The HR Infinity Portal is Zucchetti’s platform designed to centralize communication between the company and its employees.
we can provide our clients with dedicated services aimed to increase the maturity and resilience of their businesses
-
Cybersecurity
GT Digital helps clients structure information security management internal functions, also through partially or totally outsourced functions
-
Agile and Programme Management
GT Digital provides support in the adoption and implementation of different portfolio management
-
Robotic Process Automation
Our “BOT Farm” can rely on digital workers able to help clients in routine activities, allowing employees to deal with more added-value activities
-
Data strategy and management
GT Digital can support clients in seizing the opportunities offered by Big Data, from the definition of strategies to the implementation of systems
-
Enterprise Resource Planning
We support clients in selecting the most appropriate ERP System according to their specific needs, helping them also understand licensing models
-
IT strategy
GT Digital supports clients in making strategic choices, identifying innovation opportunities, comparing themselves with competitors
-
IT service management
We can support with software selection and with the implementation of dedicated tools for the management of ICT processes
-
DORA and NIS 2
The entry into force of the DORA Regulation and NIS2 represents a major step towards the creation of a harmonised regulatory framework
NIS2 e DORA – enhance cyber resilience across all sectors
The NIS2 Directive and the DORA Regulation are two fundamental components of the national cybersecurity strategy. Both regulations arise from the need to strengthen the capacity of public and private organisations to prevent, manage and respond effectively to cyber threats, which increasingly jeopardise business continuity and market confidence.
Italian cybersecurity context
3,541 serious cyber-attacks recorded globally (a 27% increase compared to 2023), of which 357 were recorded in Italy.
+27%
growth in global attacks compared to 2023
Source: Clusit, Report on Cybersecurity in Italy and Worldwide 2025
10%
of global attacks occur in Italy
NIS2 Directive
This is the new European regulatory framework that strengthens cybersecurity obligations for businesses and critical infrastructure. As a central component of the national cybersecurity strategy, it aims to raise the level of digital security in all Member States by standardizing rules, responsibilities and incident reporting procedures. Since 17 January 2023, the date of its entry into force, EU countries have begun the process of transposing it into their national legislation. Italy was among the first countries to implement the legislation through Legislative Decree 138/2024, demonstrating a proactive approach and a particular focus on cyber resilience.
NIS2 has significantly expanded the number of entities concerned (from 400 under NIS to an estimated 10,000 in Italy alone with NIS2). Its scope covers a wide range of sectors (transport, energy, B2B services, etc.), distinguishing medium-sized and large enterprises as essential and important entities.
Since the text came into force, the legislation has established a framework of particularly important deadlines that is continuously updated. Most recently, on 3 October, the CSIRT contact person was designated, who must be appointed between 20 November and 31 December 2025.
- December 2026 – Deadline for designating the CSIRT contact point and establishing an incident notification mechanism
- October 2026 – Deadline for adopting basic security measures
Failure to comply with the obligations imposed within the respective deadlines exposes organisations to significant and diverse consequences. In addition to the risk of penalties (up to 10 million Euro or 2% of turnover), inadequate security management can result in reputational loss, operational disruptions and serious damage to trust among customers and stakeholders. For this reason, NIS2 identifies several key pillars: from governance liability to ICT incident management, through the adoption of advanced technical and organizational measures, to the ability to constantly monitor suppliers throughout the digital supply chain.
Digital Operational Resilience Act (DORA)
It complements the regulatory framework by specifically targeting the financial sector. The regulation introduces a comprehensive set of rules aimed at ensuring the digital operational soundness of financial institutions and entities operating in the sector, imposing uniform standards that are directly applicable in all Member States. From 17 January 2025, DORA will be fully effective: banks, insurance companies, investment firms, payment infrastructure providers and other operators (most recently, also financial intermediaries pursuant to Article 106 of TUB – Italian consolidated banking act) must be ready to demonstrate that they have taken appropriate measures to protect and manage ICT risk.
Key milestones
January 2023
Entry into force of the Dora regulation
January 2025
Deadline for the adoption of security measures and technical standards, with the associated start of inspection activities
Ongoing
System monitoring obligations.
NIS2 and DORA share a common vision:
to promote a secure, resilient and transparent digital ecosystem by establishing a governance vision based on several key points.
- Direct liability of the management
- Incident management
- Introduction of specific security measures
- Analysis and coverage of risks from the supply chain
- Governance built on security policies and procedures for ICT equipment
- Continuous monitoring and testing of systems
Critical actions to get ready for the implementation
Faced with these new regulations, it is essential that organisations adopt a proactive approach to guarantee operational compliance and resilience. Here are some key actions:
- Know your organisation: Understand all processes, services and critical assets is the first step for an effective management of cybersecurity.
- Perform a gap analysis: Carry out an evaluation of the DORA and NIS2 gaps to identify areas for improvement and risks.
- Compare gaps with the main recommendations: Compare the gaps identified with the main recommendations and best practices, focusing on the most critical areas.
- Have a strategic investment plan: Focus on investments which bring an actual value added to the requirements laid down in the Regulation and Directive, thus guaranteeing a comprehensive management of cyber risks.
