Cybersecurity and digitalisation have become a central subject of debate and concern in the European Union (EU). Moreover, the COVID-19 pandemic compelled the migration of daily activities (such as education, healthcare, and work) to the online sphere, resulting in a proliferation of digital threats. This underscored the difficulty of safeguarding individuals and their security in the digital realm. The EU is facing a major dilemma in how to remain relevant in the digital realm while safeguarding its core values. In this vein, in March 2021, the Commission presented the 2030 Digital Compass with a vision for the digital economy and society’s future. The EU has adopted a cybersecurity strategy under the label of a human-centred approach in the digital domain, aspiring to be a human-centric digital development model, albeit often with an emphasis on frames such as "strategic autonomy", "geopolitical Commission" and “digital sovereignty”. However, what does ‘human-centred’ mean? Employing the human security concept as our analytical framework, this contribution offers an analysis of the EU's approach in the cyber and digital domains. We undertake a frame analysis to scrutinise whether and to what extent human security has been diffused in the EU's cybersecurity strategies. While identifying an overarching framework conveying the EU core values, the present study also uncovers certain paradoxes within the cybersecurity strategy that compromise the human-centric approach to cybersecurity.

This paper will focus on the Italian legal approach to cybersecurity. It will follow the way the Italian legislature has dealt with the various aspects of regulating unlawful computer activity over the course of over two decades, slowly building up a legal framework able to meet the cyber challenges states meet today. It will investigate how Italy has transposed the EU regulatory framework on cybersecurity, and whether it was one of the leading MS to shape the EU regulatory agenda. It will also look into the Italian position on the applicability of international law to malicious state-sponsored cyber operations, and will assess whether, in the absence of the UK (an internationally recognised cyber power) Italy can take its vacant seat on the EU decision-making table post-Brexit. The aim of the paper is to ultimately assess what the legal preparedness at national level says about the EU regulatory approach to cybersecurity more generally.