As part of its supervisory activities, the Agency for Digital Italy opened 12 verification procedures against providers of SPID identities, certified mailboxes and qualified electronic signatures in 2022. Over 70 notifications were received from providers and 95 reports were processed, most of which concerned users (over 500) under investigation for alleged fraudulent use.
AgID's supervisory activities
According to the provisions of the Digital Administration Code, AgID performs supervisory functions over digital trust service providers to prevent irregularities or inefficiencies, verifies that the supervised entities operate in compliance with the rules, and identifies any violations that could expose users to the risk of falsification or data theft.
In addition to the 68 assessments, divided into 35 'non-compliances' and 33 'observations', the sanction phase was activated for 4 of these audits, which ended in 2023 with the imposition of administrative fines totalling 480,000 euros.
On the other hand, as regards the obligations of supervised entities to report incidents and malfunctions, a total of 71 events related to incidents, malfunctions or unavailability due to maintenance activities were reported in 2022 for PEC services (12), SPID (34) and Trust services (25).
Safer and more efficient services
The audits led the operators to take important measures to strengthen security measures and counter fraud attempts against users. Indeed, corrective actions were required to promptly detect human errors and anomalies in applicant identification and registration processes, whether directly or through third parties. This was necessary in order to prevent the increasingly frequent phenomena of identity theft or the use of services for fraudulent purposes, which also proved to be numerous in 2022.