There are 12 verification procedures launched by the Agency for Digital Italy as part of its supervisory activities towards providers who provide SPID identities, certified email accounts and qualified electronic signatures. Over 70 notifications were received from managers and 95 reports were managed, which largely involved users (over 500) subject to investigations into alleged uses for fraudulent purposes.
This is what emerges from the report published today, which summarizes the verification activities and inspections carried out by the Agency during 2022.
AgID’s supervisory activities
In accordance with the provisions of the Digital Administration Code, AgID carries out supervisory functions on providers of digital trust services to prevent irregularities or disservices, verifying that the supervised entities operate in compliance with the rules and ascertaining any violations that may expose users to risk of falsification or theft of data.
The objective is to stimulate the supervised entities to continuously improve processes, according to consistent levels of quality and safety between the different operators, exploiting the opportunities offered by continuous technological evolution and ensuring compliance with the indications of the European regulatory framework.
The proceedings
In 2022, the group of subjects supervised by AgID included 20 qualified trust service providers, 18 accredited certified email managers and 10 SPID digital identity managers. There were 12 verification procedures initiated, which resulted in 14 inspections: 11 on site, at the managers’ offices, and 3 remotely, with the contribution of specialist skills from the Technological Fraud Prevention Unit of the Guardia di Finanza and by the Cert-AgID staff.
In addition to the 68 findings, divided into 35 “Non-Conformities” and 33 “Observations”, the sanctioning phase was activated for 4 of these checks and ended in 2023, with the imposition of administrative sanctions for a total of 480 thousand euros.
With reference, however, to the obligations to notify accidents and malfunctions by supervised entities, in 2022 a total of 71 events relating to accidents, malfunctions or unavailability for maintenance activities relating to PEC (12), SPID (34) services were notified. and trust services (25).
Increasingly safe and efficient services
The checks led managers to adopt important actions to increase security measures and counter fraud attempts perpetrated against users. In fact, corrective interventions capable of promptly detecting human errors and anomalies in the processes of identifying and recording applicants’ data, carried out directly or through third parties, were requested.
This is to counteract increasingly frequent phenomena of identity theft or use of services for fraudulent purposes, which have proven to be numerous again in 2022.