Abusive Access to the Criminal Cognition IT System: Cassation Ruling No. 17820/2025
The digital age has transformed the administration of justice, making the security of IT systems that manage sensitive information crucial. The Court of Cassation, with ruling No. 17820 of May 12, 2025, has provided a fundamental interpretation regarding the crime of abusive access to an IT or telematic system, particularly in reference to the Criminal Cognition IT System (SICP). This pronouncement not only clarifies the boundaries of the offense but also significantly strengthens the protection of data managed by public administration.
The Regulatory Context: Article 615-ter of the Criminal Code and Data Protection
Article 615-ter of the Criminal Code, "Abusive access to an IT or telematic system," penalizes anyone who unlawfully enters a system protected by security measures. The norm protects the confidentiality, integrity, and availability of systems. Its importance has grown with the digitalization of public services. The ruling in question focuses on the aggravated form of the crime, applicable when access occurs on systems of "public interest," such as the SICP.
The Specific Case: Access to the SICP and its Qualification
The case involved the defendant P. D., for unauthorized access to the Criminal Cognition IT System (SICP). The Cassation partially annulled the ruling of the Court of Appeal of Naples of September 9, 2024. The central issue is the qualification of the SICP as a system of "public interest," which triggers the aggravating circumstance of Article 615-ter, paragraph three, of the Criminal Code. What makes the SICP so deserving of enhanced protection?
The Supreme Court, with ruling No. 17820/2025, responded clearly, highlighting:
- Content: The SICP manages sensitive data and information directly related to the administration of justice.
- Management: It is managed by a public institution, with an intrinsic public purpose.
- Entry Method: Access is permitted only to authorized individuals based on their public duties, proving its protected nature.
These elements, according to the Cassation, include the SICP among systems of "public interest," with the relevant criminal consequences.
The Cassation's Ruling: A Fundamental Principle for Digital Security
Ruling No. 17820/2025, presided over by Dr. L. P. and with Dr. T. M. as rapporteur, has crystallized a fundamental principle for the protection of the justice system's IT systems. Here is the full ruling:
The crime of abusive access to an IT or telematic system, in its aggravated form, is constituted by access to the Criminal Cognition IT System (SICP), which is included among systems of "public interest" due to its content, direct reference to the administration of justice, management by a public institution, as well as the entry methods, permitted only to duly authorized individuals based on their public duties.
This statement leaves no room for doubt: unauthorized access to the SICP is an aggravated offense. The reasoning is rooted in the public function and the sensitivity of the information. The implicit reference to Article 97 of the Constitution reinforces the idea that IT security is instrumental to the proper delivery of justice. The ruling is in line with previous pronouncements (such as No. 47510/2018 and No. 16180/2021), consolidating an orientation that aims to strengthen the protection of data and systems crucial for the State.
Conclusions: A Warning for Data Protection in Public Administration
Ruling No. 17820 of 2025 by the Court of Cassation represents an important warning for those who operate with public administration IT systems. It underscores the importance of respecting access procedures and security measures, under penalty of aggravated criminal sanctions. The qualification of the SICP as a system of "public interest" is a recognition of its vital function for justice and the need to protect information with the utmost firmness. In an era of increasing cybercrime, pronouncements like this are essential for defining clear boundaries and ensuring citizens' trust in the security of data managed by institutions.
