Gestore dei Servizi Energetici SpA

Gestore dei Servizi Energetici SpA (GSE) is an Italian state‑owned company that promotes the development and use of renewable energy sources within the country. It administers national incentive schemes, including the historical Conto Energia feed‑in tariff and subsequent support mechanisms for solar, wind, hydro and biomass projects. GSE also issues Guarantees of Origin that certify the renewable origin of electricity consumed by end‑users. In addition, it manages the registry of renewable energy plants and provides data and reporting services to producers, consumers and public institutions. Its activities are confined to the Italian market, where it interfaces with both private operators and governmental bodies.

The company’s headquarters are situated in Italy, as indicated by its alias and the location of the cyberattack that affected it in August 2022. GSE operates under the authority of the Italian Ministry of Economic Development, which oversees its mandate and ensures alignment with national energy policy. As a public entity, its ownership rests with the Italian state, and it does not have a private parent company or subsidiaries that are disclosed in the available sources. The organisation’s reach extends across the entire national territory, enabling it to coordinate renewable energy initiatives from the Alps to the Mediterranean islands.

GSE’s distinguishing attributes lie in its dual role as a technical administrator and a policy‑implementing arm of the government, specialising in the certification, incentivisation and monitoring of renewable energy production. This positioning makes it a critical node in Italy’s energy infrastructure, as disruptions to its IT systems can impede the issuance of certificates and the processing of incentive payments. In August 2022, GSE experienced a cyberattack that compromised its infrastructure, caused sustained website downtime and was reported alongside similar incidents targeting other Italian energy firms. The specific attack vector and responsible threat actor were not publicly identified, but the episode highlighted the exposure of essential energy services to cyber threats. These facts together define GSE’s function, structure and the contextual risks it faces.