In recent years, the Italian Cloud Strategy, promoted by the Department for Digital Transformation (DTD) and the National Cybersecurity Agency (ACN), has laid the foundation for the country's new technological autonomy. Through a unified regulatory and technical framework, the initiative has enabled the public administration to modernised its digital infrastructure, ensuring levels of security and reliability that were unthinkable until just a few years ago.

The adoption of the Single Regulation for PA cloud infrastructure and services, defined by the ACN together with the DTD, represented a crucial step: it allowed the certification of secure public and private cloud services, encouraging the centralisation of information systems and the decommissioning of obsolete infrastructure. Today, the Italian model is based on three main pillars: the national strategic hub (PSN), market-based Cloud Service Providers (CSPs) and certified public infrastructure managed by regions, autonomous provinces and in-house entities.

The challenges of change

The first phase of the strategy has yielded significant results, but new challenges must now be addressed to make the model more suitable to local requirements and capable of fully seizing the opportunities offered by artificial intelligence (AI). The advent of generative AI has radically transformed the technological landscape, opening up unprecedented prospects for public services as well: from the automatic generation of administrative documents to the creation of virtual assistants for citizens. However, to fully exploit this potential, the infrastructure design must be updated, as envisaged by the recovery and resilience plan (PNRR), conceived in a pre-generative phase of AI.

From a centralised to a federated model

A federated cloud model is needed to make the public administration more flexible, secure and ready for widespread AI adoption. This includes the idea of creating a network of public territorial entities, such as regions and in-house entities, equipped with certified data centres and secure infrastructure. These hubs, distributed across the country, would ensure proximity, sovereignty and resilience, and would act as local accelerators of digital transformation.

A federated cloud would also provide three key benefits:

• Distributed computational capacity: Federated public hubs could provide high-performance computing resources (HPC and GPU) for training complex AI models, making computing power accessible to local governments as well.
• Development of public foundational models: public administrations could develop specialised AI models for specific sectors - healthcare, environment, welfare, energy - ensuring interoperability and national coherence.
• Federated learning: the models would be trained locally, without moving data, ensuring privacy and security.

This architecture would allow for the merging of local learning and global knowledge, with a distributed yet coordinated approach.

The value of public infrastructure

The digital infrastructure of regions, autonomous provinces, and in-house entities is a strategic public asset. Many of these are already compliant with the requirements of the ACN Regulations and are in the process of being accredited. This is a potential ecosystem of between 10 and 30 public entities, with cutting-edge data centres and a widespread presence across the territory, capable of guaranteeing end-to-end public control, proximity to citizens and consolidated technical expertise. Many local administrations have already migrated their services to such infrastructure, often thanks to PNRR vouchers (Measure 1.2). Leveraging these experiences within a cloud federation would capitalise on existing investments and accelerate the country's digital evolution.

Standards, interoperability and governance

The functioning of this model would be based on interoperability and standardisation, according to principles already tested at European level. The key elements of the model include:

• secure and integrated interconnections (“trusted network”);
• federation of AI-based security and monitoring systems;
• federation of digital identities;
• common communication APIs and integration with the national strategic hub (PSN);
• role of the DTD and the ACN as “clearing houses” for the certification of services;
• a federated marketplace for data and public cloud and services;
• possibility of reusing open-source frameworks and existing European projects (DOME, FULCRUM, DYNAMO CLOUD, etc.;
• involvement of ICT companies providing application services to build a SaaS service ecosystem.

The expected benefits

Adopting a federated cloud for the public administration would produce tangible benefits: 

• Efficiency: reduced operating costs and optimal use of resources;
• Security: certified data centres and secure local infrastructure ensure protection and sovereignty; the establishment of regional CSIRTs is encouraged
• Innovation: accelerating the use of AI and the creation of smart service; 
• Digital sovereignty: reduced dependence on external providers, control of critical data at national level and leveraging of public investments.

Next steps

The creation of a federated cloud requires a coordinated approach by the DTD, the ACN, the Regions and the Autonomous Provinces. The federated cloud is a natural evolution of the Italian Cloud Strategy: a model that combines strategic centralisation and territorial autonomy, which is able to use artificial intelligence as a driver of efficiency and innovation. A public, distributed, smart infrastructure at the service of the country.

Vito Baglio, Director of Cloud and Infrastructure Services