The Legislative Decree 231 of 2001 in our system introduced the discipline of administrative liability for companies (in any established form) and Entities with legal personality. The rule establishes that they can be sanctioned for crimes committed, in the interest or to the advantage of the company itself, by individuals belonging to its organizational structure (Directors, Managers and employees).The ascertainment of responsibility can cause the Entities to incur various types of sanctions, including:

  •  pecuniary sanctions up to a maximum of 1,549,000 euros;
  • disqualification sanctions (disqualification from exercising the activity, suspension or revocation of authorizations, licenses or concessions, prohibition of contracting with the PA, exclusion from loans, contributions or subsidies and the possible revocation of those already granted, the ban on advertising goods and services);
  • confiscation;
  • the publication of the sentence.

Liability is excluded if the Entity demonstrates that it has effectively adopted and implemented, before the offense was committed, Organization, Management and Control Models suitable for preventing the commission of offenses of the type that occurred and that it has established a body responsible for supervising on the functioning and observance of the models.

Some types of computer crimes (so-called digital crimes) strictly related to data protection profiles in the business environment were included among the offenses for which the administrative liability of the entity is configured, including:

  • Unauthorized access to an IT or telematic system (Article 615 terp.)
  • Unauthorized possession and dissemination of access codes to computer systems (Article 615 quaterp.)
  • Illicit interruption of computer or telematic communications (Article 617 quaterp.)
  • Damage to information, data and computer programs (Article 635 bisp.)
  • Damage to IT or telematic systems (Article 635 quaterp.)
  • Computer fraud by the electronic signature certifier (Article 640 quinquiesp.)

In fact, the use of new technologies, within company contexts, in addition to having led to an undeniable improvement in the functioning of various sectors, has led to an increase in the risk of committing computer crimes capable of causing serious economic and structural consequences to the organization. and web reputation.

For this reason, it is necessary that companies and entities adopt and implement safety measures and internal procedures suitable to prevent and minimize the risk of incurring liability hypotheses pursuant to 231/2001.

Argo CyberSecurity offers a consultancy service aimed at developing digital risk management and control models, aimed at strengthening prevention activities, through:

  • the introduction of specific security measures aimed at reducing the possibility of crimes being committed within the company network;
  • targeted controls and analysis of the management of the corporate sectors in which technological devices and the network are used;
  • employee training and empowerment activities in order to spread an IT culture within the company;
  • definition of an IT system security policy that identifies the access levels of internal users based on the confidentiality of company information and the responsibility of the subject and regulates its use;
  • regulation of access by external users;
  • internal audit activities aimed at complying with company prevention measures and models.


