Legge Capitali is an Italian capital-markets reform law that gives regulators and ministries room to update corporate governance and disclosure rules. It is not a security standard itself; it is a legal framework that can reshape what listed companies must say about their controls, risks, and oversight.
In cyber security, this matters because disclosure rules can force boards to formalize how they handle artificial intelligence, cyber risk, and incident governance. Once a company must publish policies, ownership, and risk-management choices, vague language becomes harder to defend. Attackers do not “break” Legge Capitali, but they can benefit when governance is weak, while defenders use the law to push better documentation, board accountability, and alignment between public statements and actual security practice. In practice, it turns cyber risk into a shareholder and compliance issue, not only an IT problem.