The Digital Operational Resilience Act (DORA) is the EU law on digital operational resilience. It aims to strengthen resilience in all aspects of financial institutions.

GDPR sets out the requirements for lawful processing of personal data and demonstrating the adequate protection of data.

Full, certification-level ISMS. Complete set of security controls along with management, auditing and risk evaluation aspects.

NIS2 sets the baseline for cybersecurity risk management measures and reporting obligations across important industries covered by the directive.

The Critical Entities Resilience (CER) Directive is an EU law focused on strengthening the resilience of critical entities providing essential services across various sectors, ensuring they can withstand a range of threats and hazards.

The CIS18 critical security controls is a comprehensive set of instructions and measures released by The Center for Internet Security. Controls are designed to fix and prevent common vulnerabilities and to offer organizations a structured way to strengthen their security.

The Cyber Resilience Act is an EU regulation for improving cyber security and cyber resilience in the EU. It includes requirements for hardware and software products with digital elements.

The DORA RTS on simplified ICT risk management describes the key elements that financial entities subject to lower scale, risk, size and complexity need to have in place to manage risks.

Full, certification-level ISMS. Complete set of security controls along with management, auditing and risk evaluation aspects.

ISO 9001 helps organizations of all sizes to exceed customer expectations and establish a quality management system (QMS).

NCSC's Cyber Assessment Framework (CAF) 4.0 is a UK framework designed to help organizations providing essential services assess and improve their cyber resilience through a structured, outcome-focused approach.

NIST CSF's new 2.0 edition is designed to help all organizations in any sector to achieve their cybersecurity goals with added emphasis on governance as well as supply chains.

NIST is designed to help owners and operators of critical infrastructure to identify, assess and manage cyber risks.

SOC 2 framework specifies how organizations should protect customer data from e.g. unauthorized access, security incidents or other vulnerabilities. It is developed by the American Institute of Certified Public Accountants (AICPA).

TISAX is an assessment and exchange mechanism for the information security of enterprises and allows recognition of assessment results among the participants.

C2M2 helps organizations evaluate their cybersecurity capabilities using a set of industry-vetted practices focused on IT and OT assets and environments.

Privacy extension to ISO 27001. Upgrades an existing ISMS with additional privacy requirements to establish a Privacy Information Management System (PIMS).

ISO 27017 is a security standard developed especially for cloud service providers and users to create a safer cloud-based environment and reduce the risk of security incidents.

ISO 27018 is a security standard developed especially for cloud service providers to ensure risks are assessed and controls are implemented to protect personally identifiable information (PII).

Legal Notice 71 of 2025 is a Maltese law that implements the NIS2 Directive, enhancing cybersecurity resilience across essential and important sectors by setting stringent requirements for risk management, incident reporting, and governance.

Danish regulation enhancing resilience and preparedness in the energy sector, implementing CER and NIS2 requirements and focusing on organizational preparedness, physical security, and cybersecurity.

Cyber Essentials is backed by the UK's government. It helps an organization get the essentials of cyber security covered to decrease the chance of basic cyber attacks.

The CyberFundamentals framework is created by Centre for Cyber security Belgium. It provides a set of concrete measures to protect your data, significantly reduce the risk of the most common cyber-attacks, and increase your organisation's cyber resilience.

The Cyberbeveiligingswet (Cbw) is the Dutch implementation of the NIS2 Directive, designed to bolster cybersecurity across essential sectors by imposing risk management and incident reporting obligations.

The Cybersecurity Law of the People's Republic of China is a law designed to ensure cybersecurity, data protection, and data localization. It defines security obligations for network operators and service providers and establishes rules for data management and cross-border data transfer.

The Cybersicherheitsverordnung (CSV) is a Swiss ordinance detailing the implementation of the Information Security Act (ISG), mandating cyberattack reporting for critical infrastructure and defining cybersecurity roles and strategies.

The Law on Measures to Ensure a High Level of Cybersecurity (Cybersikkerhedsloven) is the Danish implementation of the NIS2 Directive, enhancing cybersecurity across critical sectors.

The Cybersäkerhetslagen (CSL) is Sweden's implementation of the NIS2 Directive, enhancing cybersecurity requirements for essential and important sectors, with stricter rules and broader scope.

<p>Digital security overview is a service developed and maintained by the Finnish Digital and population data services agency with the goal of gathering information about the digital security status of public sector organisations.</p>

Il Cybersecurity Act Decreto legislativo n. 138 implements the European Union's NIS2 directive in Italy. It establishes requirements for various organizations in order to strengthen the management of cybersecurity risks.

Cyber security evaluation criteria by Finnish authorities for Finnish public administration.

Katakri is used when evaluating organisation's ability to secure confidential information from Finnish national authorities.

Katakri is used when evaluating organisation's ability to secure confidential information from Finnish national authorities.

The Cybersecurity Act "Kibernetinio Saugumo Įstatymas" implements the European Union NIS2 law in Lithuania. It sets out requirements for various organisations to strengthen their cybersecurity risk management.

Kyberturvallisuuslaki säätää tietoturvatoimenpiteistä keskeisiksi tai tärkeiksi nimetyillä toimialoilla sekä kyberturvallisuutta koskevien riskien hallinnasta. Kyberturvallisuuslaki vie Suomessa täytäntöön NIS2 -direktiivin.

The European Union NIS2 has been transposed in Belgium into national law as the NIS2 law. The law closely aligns with the EU NIS2 directive and features only minor national differences. It obligates and defines cybersecurity rules for companies registered in Belgium working in the critical sector.

The Landskapslag om cybersäkerhet och motståndskraft is an Åland law implementing EU cybersecurity directives to strengthen digital resilience and protect critical infrastructure.

The Law on Cybersecurity Coordination and Governance is a Spanish law transposing the NIS2 Directive, aimed at enhancing cybersecurity across critical sectors through improved coordination, risk management, and incident reporting.

The Belgian Law of 1 July 2011 on the security and protection of critical infrastructures establishes a security and protection framework for critical infrastructure. It mandates protective measures for critical infrastructure and implements EU directive 2008/114/EC.

The 'Lov om digital sikkerhet' is Norway's implementation of the EU's NIS2 Directive, enhancing cybersecurity standards for essential services and expanding the scope of regulated entities.

MSBFS 2020:6 is a Swedish regulation setting information security requirements for government agencies, focusing on confidentiality, integrity, and availability of information.

MSBFS 2020:7 is a Swedish regulation outlining security measures for information systems in government agencies, focusing on implementing and maintaining robust information security practices.

MSBFS 2020:8 is a Swedish regulation mandating governmental authorities to report IT incidents that seriously impact information security to the Swedish Civil Contingencies Agency (MSB).

NEN 7510 is a Dutch standard for information security in healthcare ensuring the confidentiality, integrity, and availability of patient data.

The NIS2UmsuCG is the German law transposing the EU NIS2 Directive, enhancing cybersecurity standards and expanding the scope of regulated entities in Germany.

NCM ICT Security Principles is a framework for ICT security published and maintained by the Norwegian National Security Authority (NSM). The security principles advice businesses and organisations on how to protect their information systems from unauthorized access, damage or misuse.

NIS2 has been adopted as "National Cyber Security Act" in Latvia. It improves the security of information and communication technologies, including setting requirements for the provision and receipt of essential and important services and operation of information and communication technologies.

NISG 2024 is the Austrian law transposing the EU's NIS2 Directive, enhancing the cybersecurity of essential and important entities by setting security requirements for network and information systems.

OUG 155/2024 is a Romanian law implementing the NIS2 Directive, designed to bolster cybersecurity across essential and important entities by establishing a framework for network and information system security.

The Personal Data Protection Law (PDPL) is Saudi Arabia's first data protection law. It is designed to protect the personal data of residents and regulate how businesses handle this data.

Projet de loi n° 8364 is a Luxembourgish bill transposing the NIS2 Directive, enhancing cybersecurity measures and resilience across various sectors in Luxembourg.

This law is designed to promote harmonization of information management, cyber security and digitalisation in public administration.

The Regime Jurídico da Cibersegurança is Portugal's implementation of the NIS2 Directive, enhancing cybersecurity standards and resilience for essential and important entities.

The Security Act (Sikkerhetsloven) is a Norwegian law designed to safeguard national security interests by preventing and counteracting security threats.

The Swedish Security Protection Act regulates security measures for activities of importance to Sweden's security, applying to both public and private sectors.

The National Cyber Security Bill 2024 transposes the EU's NIS2 Directive into Irish law, enhancing cybersecurity requirements and establishing the NCSC's role.

Tiedonhallintalautakunnan suositus, joka opastaa tiedonhallintalain asettamien tietoturvallisuuden vähimmäisvaatimusten täyttämisessä.

The self-monitoring plan supports Finnish social and health care service providers in planning data security and data protection.

Tietoturvasuunnitelma kuvaa sosiaali- ja terveyspalveluiden tuottajan digiturvakäytäntöjä. Se perustuu asiakastietolakiin ja korvaa omavalvontasuunnitelman.

The Ustawa o krajowym systemie cyberbezpieczeństwa is the Polish Act on the National Cybersecurity System, implementing the NIS2 Directive and establishing cybersecurity requirements for various sectors and entities in Poland.

Zakon o informacijski varnosti (ZInfV-1) is a Slovenian law that strengthens the national cybersecurity system and implements the NIS2 Directive, focusing on enhancing network and information system security.

Croatian implementation of the NIS2 The Cybersecurity Act (Zakon o kibernetičkoj sigurnosti NN 14/2024) has come into account in February 2024. It defines cybersecurity rules for Croatian companies with the same criteria as NIS2 with some exceptions.

The Zákon o kybernetickej bezpečnosti is the Slovakian law implementing the NIS2 Directive, enhancing cybersecurity measures and expanding the scope of regulated entities to protect critical infrastructure and services.

Greece has implemented the European Union’s NIS2 Directive with the aim of achieving a high level of cybersecurity through specific cybersecurity measures.

Cypriot Law 5160/2024 transposes the EU NIS2 Directive into national law, expanding cybersecurity requirements for essential and important entities and establishing the National Cybersecurity Authority (NCSA) for enforcement.

The Law for the Implementation of NIS2 in Bulgaria transposes the EU's NIS2 Directive into Bulgarian national law, enhancing cybersecurity standards and expanding the scope of affected entities.

Legal Notice 71 of 2025 is a Maltese law that implements the NIS2 Directive, enhancing cybersecurity resilience across essential and important sectors by setting stringent requirements for risk management, incident reporting, and governance.

Danish regulation enhancing resilience and preparedness in the energy sector, implementing CER and NIS2 requirements and focusing on organizational preparedness, physical security, and cybersecurity.

Cyber Essentials is backed by the UK's government. It helps an organization get the essentials of cyber security covered to decrease the chance of basic cyber attacks.

The CyberFundamentals framework is created by Centre for Cyber security Belgium. It provides a set of concrete measures to protect your data, significantly reduce the risk of the most common cyber-attacks, and increase your organisation's cyber resilience.

The Cyberbeveiligingswet (Cbw) is the Dutch implementation of the NIS2 Directive, designed to bolster cybersecurity across essential sectors by imposing risk management and incident reporting obligations.

The Cybersecurity Law of the People's Republic of China is a law designed to ensure cybersecurity, data protection, and data localization. It defines security obligations for network operators and service providers and establishes rules for data management and cross-border data transfer.

The Cybersicherheitsverordnung (CSV) is a Swiss ordinance detailing the implementation of the Information Security Act (ISG), mandating cyberattack reporting for critical infrastructure and defining cybersecurity roles and strategies.

The Law on Measures to Ensure a High Level of Cybersecurity (Cybersikkerhedsloven) is the Danish implementation of the NIS2 Directive, enhancing cybersecurity across critical sectors.

The Cybersäkerhetslagen (CSL) is Sweden's implementation of the NIS2 Directive, enhancing cybersecurity requirements for essential and important sectors, with stricter rules and broader scope.

<p>Digital security overview is a service developed and maintained by the Finnish Digital and population data services agency with the goal of gathering information about the digital security status of public sector organisations.</p>

Il Cybersecurity Act Decreto legislativo n. 138 implements the European Union's NIS2 directive in Italy. It establishes requirements for various organizations in order to strengthen the management of cybersecurity risks.

Cyber security evaluation criteria by Finnish authorities for Finnish public administration.

Katakri is used when evaluating organisation's ability to secure confidential information from Finnish national authorities.

Katakri is used when evaluating organisation's ability to secure confidential information from Finnish national authorities.

The Cybersecurity Act "Kibernetinio Saugumo Įstatymas" implements the European Union NIS2 law in Lithuania. It sets out requirements for various organisations to strengthen their cybersecurity risk management.

Kyberturvallisuuslaki säätää tietoturvatoimenpiteistä keskeisiksi tai tärkeiksi nimetyillä toimialoilla sekä kyberturvallisuutta koskevien riskien hallinnasta. Kyberturvallisuuslaki vie Suomessa täytäntöön NIS2 -direktiivin.

The European Union NIS2 has been transposed in Belgium into national law as the NIS2 law. The law closely aligns with the EU NIS2 directive and features only minor national differences. It obligates and defines cybersecurity rules for companies registered in Belgium working in the critical sector.

The Landskapslag om cybersäkerhet och motståndskraft is an Åland law implementing EU cybersecurity directives to strengthen digital resilience and protect critical infrastructure.

The Law on Cybersecurity Coordination and Governance is a Spanish law transposing the NIS2 Directive, aimed at enhancing cybersecurity across critical sectors through improved coordination, risk management, and incident reporting.

The Belgian Law of 1 July 2011 on the security and protection of critical infrastructures establishes a security and protection framework for critical infrastructure. It mandates protective measures for critical infrastructure and implements EU directive 2008/114/EC.

The 'Lov om digital sikkerhet' is Norway's implementation of the EU's NIS2 Directive, enhancing cybersecurity standards for essential services and expanding the scope of regulated entities.

MSBFS 2020:6 is a Swedish regulation setting information security requirements for government agencies, focusing on confidentiality, integrity, and availability of information.

MSBFS 2020:7 is a Swedish regulation outlining security measures for information systems in government agencies, focusing on implementing and maintaining robust information security practices.

MSBFS 2020:8 is a Swedish regulation mandating governmental authorities to report IT incidents that seriously impact information security to the Swedish Civil Contingencies Agency (MSB).

NEN 7510 is a Dutch standard for information security in healthcare ensuring the confidentiality, integrity, and availability of patient data.

The NIS2UmsuCG is the German law transposing the EU NIS2 Directive, enhancing cybersecurity standards and expanding the scope of regulated entities in Germany.

NCM ICT Security Principles is a framework for ICT security published and maintained by the Norwegian National Security Authority (NSM). The security principles advice businesses and organisations on how to protect their information systems from unauthorized access, damage or misuse.

NIS2 has been adopted as "National Cyber Security Act" in Latvia. It improves the security of information and communication technologies, including setting requirements for the provision and receipt of essential and important services and operation of information and communication technologies.

NISG 2024 is the Austrian law transposing the EU's NIS2 Directive, enhancing the cybersecurity of essential and important entities by setting security requirements for network and information systems.

OUG 155/2024 is a Romanian law implementing the NIS2 Directive, designed to bolster cybersecurity across essential and important entities by establishing a framework for network and information system security.

The Personal Data Protection Law (PDPL) is Saudi Arabia's first data protection law. It is designed to protect the personal data of residents and regulate how businesses handle this data.

Projet de loi n° 8364 is a Luxembourgish bill transposing the NIS2 Directive, enhancing cybersecurity measures and resilience across various sectors in Luxembourg.

This law is designed to promote harmonization of information management, cyber security and digitalisation in public administration.

The Regime Jurídico da Cibersegurança is Portugal's implementation of the NIS2 Directive, enhancing cybersecurity standards and resilience for essential and important entities.

The Security Act (Sikkerhetsloven) is a Norwegian law designed to safeguard national security interests by preventing and counteracting security threats.

The Swedish Security Protection Act regulates security measures for activities of importance to Sweden's security, applying to both public and private sectors.

The National Cyber Security Bill 2024 transposes the EU's NIS2 Directive into Irish law, enhancing cybersecurity requirements and establishing the NCSC's role.

Tiedonhallintalautakunnan suositus, joka opastaa tiedonhallintalain asettamien tietoturvallisuuden vähimmäisvaatimusten täyttämisessä.

The self-monitoring plan supports Finnish social and health care service providers in planning data security and data protection.

Tietoturvasuunnitelma kuvaa sosiaali- ja terveyspalveluiden tuottajan digiturvakäytäntöjä. Se perustuu asiakastietolakiin ja korvaa omavalvontasuunnitelman.

The Ustawa o krajowym systemie cyberbezpieczeństwa is the Polish Act on the National Cybersecurity System, implementing the NIS2 Directive and establishing cybersecurity requirements for various sectors and entities in Poland.

Zakon o informacijski varnosti (ZInfV-1) is a Slovenian law that strengthens the national cybersecurity system and implements the NIS2 Directive, focusing on enhancing network and information system security.

Croatian implementation of the NIS2 The Cybersecurity Act (Zakon o kibernetičkoj sigurnosti NN 14/2024) has come into account in February 2024. It defines cybersecurity rules for Croatian companies with the same criteria as NIS2 with some exceptions.

The Zákon o kybernetickej bezpečnosti is the Slovakian law implementing the NIS2 Directive, enhancing cybersecurity measures and expanding the scope of regulated entities to protect critical infrastructure and services.

Greece has implemented the European Union’s NIS2 Directive with the aim of achieving a high level of cybersecurity through specific cybersecurity measures.

Cypriot Law 5160/2024 transposes the EU NIS2 Directive into national law, expanding cybersecurity requirements for essential and important entities and establishing the National Cybersecurity Authority (NCSA) for enforcement.

The Law for the Implementation of NIS2 in Bulgaria transposes the EU's NIS2 Directive into Bulgarian national law, enhancing cybersecurity standards and expanding the scope of affected entities.

ISO 27017 is a security standard developed especially for cloud service providers and users to create a safer cloud-based environment and reduce the risk of security incidents.

ISO 27018 is a security standard developed especially for cloud service providers to ensure risks are assessed and controls are implemented to protect personally identifiable information (PII).

C2M2 helps organizations evaluate their cybersecurity capabilities using a set of industry-vetted practices focused on IT and OT assets and environments.

Privacy extension to ISO 27001. Upgrades an existing ISMS with additional privacy requirements to establish a Privacy Information Management System (PIMS).

Full, certification-level ISMS. Complete set of security controls along with management, auditing and risk evaluation aspects.

ISO 9001 helps organizations of all sizes to exceed customer expectations and establish a quality management system (QMS).

NCSC's Cyber Assessment Framework (CAF) 4.0 is a UK framework designed to help organizations providing essential services assess and improve their cyber resilience through a structured, outcome-focused approach.

NIST CSF's new 2.0 edition is designed to help all organizations in any sector to achieve their cybersecurity goals with added emphasis on governance as well as supply chains.

NIST is designed to help owners and operators of critical infrastructure to identify, assess and manage cyber risks.

SOC 2 framework specifies how organizations should protect customer data from e.g. unauthorized access, security incidents or other vulnerabilities. It is developed by the American Institute of Certified Public Accountants (AICPA).

TISAX is an assessment and exchange mechanism for the information security of enterprises and allows recognition of assessment results among the participants.

The Digital Operational Resilience Act (DORA) is the EU law on digital operational resilience. It aims to strengthen resilience in all aspects of financial institutions.

GDPR sets out the requirements for lawful processing of personal data and demonstrating the adequate protection of data.

Full, certification-level ISMS. Complete set of security controls along with management, auditing and risk evaluation aspects.

NIS2 sets the baseline for cybersecurity risk management measures and reporting obligations across important industries covered by the directive.

The Critical Entities Resilience (CER) Directive is an EU law focused on strengthening the resilience of critical entities providing essential services across various sectors, ensuring they can withstand a range of threats and hazards.

The CIS18 critical security controls is a comprehensive set of instructions and measures released by The Center for Internet Security. Controls are designed to fix and prevent common vulnerabilities and to offer organizations a structured way to strengthen their security.

The Cyber Resilience Act is an EU regulation for improving cyber security and cyber resilience in the EU. It includes requirements for hardware and software products with digital elements.

The DORA RTS on simplified ICT risk management describes the key elements that financial entities subject to lower scale, risk, size and complexity need to have in place to manage risks.