The Italian Ministry of Transport published on 16 December 2025 a circular on “Navigation Safety”, which updates information security measures for national vessels, ISM management companies and port facility operators. The measure was issued by the General Command of the Harbour Master’s Corps – Coast Guard, in its role as central security authority, together with the NIS Authority for the Transport Sector.
The circular updates and replaces the previous Circular No. 155/2019 on cyber risk management, taking account of technological developments in the maritime sector, the operational experience gained in recent years and the new IMO guidelines. The administration notes that the growing digitalisation of navigation, logistics and port operations has expanded exposure to cyber threats, making cybersecurity an indispensable element of maritime safety, in both safety and security terms, as well as a strategic component of national, economic and environmental security.
The measure was prepared with the opinion of the Navigation Safety Working Group established within the Coast Guard’s Department VI, expanded to include the NIS Authority for the Transport Sector, the National Cybersecurity Agency and the main associations representing ports, logistics and shipowners. The attached instructions were presented to the Interministerial Committee for the Security of Maritime Transport and Ports at its plenary session on 29 October 2025 and subsequently illustrated to the Committee for Maritime Security at EMSA on 9 December 2025.
The circular will enter into force on 1 November 2026. Substantively, it identifies Computer Based Systems as the set of IT and OT systems relevant to the safety of navigation, people, cargo and the environment. These systems include both onboard equipment and shore-based digital infrastructure, including ship–port interfaces and integrated ship–shore systems.
The approach outlined is based on structured cyber risk management and requires the integration of cybersecurity into the safety management system provided for by the ISM Code, as well as into the ship and port facility security plans required by the ISPS Code. The circular calls for updated corporate policies, clear allocation of roles and responsibilities, regular risk assessments, the adoption of proportionate technical and organisational measures and the preparation of incident response plans.
Particular emphasis is placed on the training and familiarisation of onboard and shore-based personnel, the management of cyber incidents, drills and exercises, internal audits and continuous improvement. Measures are to be applied in line with proportionality criteria related to the nature, size and complexity of the company, vessel and port infrastructure. The circular also devotes a specific paragraph to Maritime Autonomous Surface Ships, highlighting how automation and remote control introduce new cyber risk profiles that must be addressed in safety assessments, with particular attention to remote control centres, communications and sensor-based decision-making systems.
In recent years, at international level, several cyber incidents have demonstrated how an attack can generate systemic effects on shipping and terminal operations, disrupting booking services, slowing port activities and causing significant economic impacts along supply chains. The European and Italian port systems have also been affected by demonstrative attack campaigns and attempted compromises, although so far with limited operational impact.
In this context, the NIS2 Directive has classified maritime and port transport as a highly critical sector, imposing strengthened obligations on risk governance, network security and incident reporting. Circular MIT 177/2025 represents the operational implementation of these principles within the national maritime domain, translating IMO and European guidance into requirements applicable to companies, ships and ports.
For operators in freight transport, warehousing and port logistics, the required compliance entails technological and organisational investments, stronger internal capabilities and closer integration between physical security and cybersecurity. At the same time, the aim is to enhance the resilience of the system as a whole, reducing the risk of operational disruptions and strengthening the reliability of the Italian port system in international trade.
