Data in the digital transition of Italian public administration

The question

How is data actually treated inside Italian public administration during digital transformation?

Not how it should be treated - how it is.

This is the question my bachelor's thesis addresses. What follows is a summary of its core argument.


The structural gap

Italian public administration has, over the past five decades, built a progressively mature and coherent normative framework around data: from the early informatisation efforts of the 1970s, through the codification of the digital paradigm in the 2005 Codice dell'Amministrazione Digitale, to the GDPR, NIS2, and the most recent European data regulations.

The framework is not the problem.

The problem is the persistent gap between what the law prescribes and what organisations actually do.

This gap is not accidental. It reflects a recurring pattern in Italian digital governance: legislation has consistently anticipated transformations that administrative structures were not yet equipped to sustain. The norm precedes the organisation; the organisation struggles to follow.


Three dimensions of the same tension

The thesis analyses data governance across three dimensions - digitalisation, protection, and sharing - and finds the same structural tension in each.

Digitalisation. The historical reconstruction from the Giannini Report of 1979 through the present shows a continuous cycle: ambitious normative targets, partial implementation, renewed legislative effort. The digital paradigm has been codified repeatedly without being uniformly operationalised.

Protection. The GDPR shifted the model from formal compliance to continuous, risk-based accountability. But the Garante's enforcement activity reveals that this shift is still in progress. Technical and organisational measures are not uniformly adopted. The regulator is still performing a norm-setting function that should, by now, have been internalised.

Sharing. The "once only" principle - a citizen should never provide the same data to the state twice - remains largely a normative aspiration. Open data policies have produced datasets that are formally accessible but not always practically usable. Interoperability requires organisational alignment that administrations have not yet achieved at scale.


Where the gap is most visible

The thesis closes with two case studies - digital identity systems (SPID, CIE, eIDAS, IT Wallet) and App IO - chosen because they are cross-cutting infrastructures. A failure in their implementation does not affect a single service; it affects the entire digital ecosystem.

Both cases illustrate the same dynamic.

App IO, the most advanced attempt to build a unified access point to public services, sits on top of a deeply heterogeneous administrative system. The interface is unified; the underlying organisations are not. The result is a non-uniform user experience that directly mirrors the organisational inconsistencies below.

More significantly, IO is evolving from an access channel into a data infrastructure - managing digital identities, attributes, and credentials at scale. This is the point at which the gap between norm and practice carries the highest risk. Centralising data management without first resolving the governance deficit amplifies, rather than reduces, existing vulnerabilities.


The argument

Digital transformation of public administration is not primarily a technology problem.

It is an organisational and governance problem that technology makes visible.

The normative layer is largely in place. What is missing is the institutional capacity to implement it uniformly - across different administrations, different levels of government, and different operational constraints.

Until that capacity is built, the gap will persist. And legislation alone will not close it.


This is a summary of my bachelor's thesis "Il dato nella transizione digitale della PA", completed at the University of Turin (L-16, Digital Public Administration), supervised by Prof. Matteo Arrotta, academic year 2025/2026, DOI 10.5281/zenodo.21102766.


Editor's note: The practical reuse of public data - turning an open dataset into something usable where the work actually happens - is one of the gaps behind this analysis. cup-check is a small, concrete attempt in that direction.