46 frameworks available

Cyberday framework library

Cyberday provides a growing list of frameworks linked to our task library. Use them to structure your work, track your security level, and build your ISMS effectively.

In Cyberday, frameworks refer to sets of security and privacy requirements — like ISO 27001, NIS2, GDPR, and others (45+) — that organizations aim to follow.
We break them into actionable tasks you can complete inside the app. Most of the tasks are universal — completing one task helps you comply with several frameworks at once.

18/27 EU countries supported

National NIS2 implementations are covered in Cyberday, and more are coming.

8 ISO 27001 versions supported

From the 2013 edition to the latest 2022 update, requirements are mapped into universal tasks.


All frameworks

Avviż Legali 71 tal-2025 (Malta)

Legal Notice 71 of 2025 is a Maltese law that implements the NIS2 Directive, enhancing cybersecurity resilience across essential and important sectors by setting stringent requirements for risk management, incident reporting, and governance.

Cyber Essentials

Cyber Essentials is backed by the UK government. It helps an organization get the essentials of cyber security covered to decrease the chance of basic cyber attacks.
35 requirements · United Kingdom

CyberFundamentals (Belgium)

The CyberFundamentals framework was created by the Centre for Cybersecurity Belgium. It provides a set of concrete measures to protect your data, significantly reduce the risk of the most common cyber-attacks, and increase your organisation's cyber resilience.
125 requirements · Belgium

Cyberbeveiligingswet (Nederland)

The Cyberbeveiligingswet (Cbw) is the Dutch implementation of the NIS2 Directive, designed to bolster cybersecurity across essential sectors by imposing risk management and incident reporting obligations.
31 requirements · Netherlands

Cybersicherheitsverordnung (Schweiz)

The Cybersicherheitsverordnung (CSV) is a Swiss ordinance detailing the implementation of the Information Security Act (ISG), mandating cyberattack reporting for critical infrastructure and defining cybersecurity roles and strategies.
10 requirements · Switzerland

Cybersikkerhedsloven (Danmark)

The Law on Measures to Ensure a High Level of Cybersecurity (Cybersikkerhedsloven) is the Danish implementation of the NIS2 Directive, enhancing cybersecurity across critical sectors.
31 requirements · Denmark

Cybersäkerhetslagen (Sverige)

The Cybersäkerhetslagen (CSL) is Sweden's implementation of the NIS2 Directive, enhancing cybersecurity requirements for essential and important sectors, with stricter rules and broader scope.
21 requirements · Sweden

Digital security overview

Digital security overview is a service developed and maintained by the Finnish Digital and Population Data Services Agency with the goal of gathering information about the digital security status of public sector organisations.
83 requirements · Finland

Il Cybersecurity Act Decreto legislativo n. 138

Il Cybersecurity Act Decreto legislativo n. 138 implements the European Union's NIS2 directive in Italy. It establishes requirements for various organizations in order to strengthen the management of cybersecurity risks.

Julkri: TL IV-I

Cyber security evaluation criteria by Finnish authorities for Finnish public administration.
240 requirements · Finland

Katakri (Finnish national security auditing criteria)

Katakri is used when evaluating an organisation's ability to secure confidential information from Finnish national authorities.
58 requirements · Finland

Katakri 2020

Katakri is used when evaluating an organisation's ability to secure confidential information from Finnish national authorities.
69 requirements · Finland

Kibernetinio Saugumo Įstatymas (Lithuania)

The Cybersecurity Act "Kibernetinio Saugumo Įstatymas" implements the European Union NIS2 law in Lithuania. It sets out requirements for various organisations to strengthen their cybersecurity risk management.
40 requirements · Lithuania

Kyberturvallisuuslaki (NIS2)

The Kyberturvallisuuslaki (Cybersecurity Act) lays down information security measures for sectors designated as essential or important, as well as the management of cybersecurity risks. It implements the NIS2 Directive in Finland.
24 requirements · Finland

La loi NIS2 (Belgique)

The European Union's NIS2 Directive has been transposed in Belgium into national law as the NIS2 law. The law closely aligns with the EU NIS2 Directive and features only minor national differences. It defines binding cybersecurity rules for companies registered in Belgium working in the critical sector.
34 requirements · Belgium

Ley de Ciberseguridad (España)

The Law on Cybersecurity Coordination and Governance is a Spanish law transposing the NIS2 Directive, aimed at enhancing cybersecurity across critical sectors through improved coordination, risk management, and incident reporting.

Loi sur les infrastructures critiques (Belgique)

The Belgian Law of 1 July 2011 on the security and protection of critical infrastructures establishes a security and protection framework for critical infrastructure. It mandates protective measures for critical infrastructure and implements EU directive 2008/114/EC.
14 requirements · Belgium

Lov om digital sikkerhet (Norge)

The 'Lov om digital sikkerhet' is Norway's implementation of the EU's NIS2 Directive, enhancing cybersecurity standards for essential services and expanding the scope of regulated entities.
31 requirements · Norway

NIS2-Umsetzungs- und Cybersicherheitsstärkungsgesetz (Deutschland)

The NIS2UmsuCG is the German law transposing the EU NIS2 Directive, enhancing cybersecurity standards and expanding the scope of regulated entities in Germany.
22 requirements · Germany

NSM ICT Security Principles (Norway)

NSM ICT Security Principles is a framework for ICT security published and maintained by the Norwegian National Security Authority (NSM). The security principles advise businesses and organisations on how to protect their information systems from unauthorized access, damage or misuse.
139 requirements · Norway

Nacionālās kiberdrošības likums (Latvia)

NIS2 has been adopted as the "National Cyber Security Act" in Latvia. It improves the security of information and communication technologies, including setting requirements for the provision and receipt of essential and important services and the operation of information and communication technologies.
41 requirements · Latvia

Netz- und Informationssystemsicherheitsgesetz (Österreich)

NISG 2024 is the Austrian law transposing the EU's NIS2 Directive, enhancing the cybersecurity of essential and important entities by setting security requirements for network and information systems.
30 requirements · Austria

Ordonanța de Urgență a Guvernului nr. 155/2024 (România)

OUG 155/2024 is a Romanian law implementing the NIS2 Directive, designed to bolster cybersecurity across essential and important entities by establishing a framework for network and information system security.
40 requirements · Romania

Projet de loi n° 8364 (Luxembourg)

Projet de loi n° 8364 is a Luxembourgish bill transposing the NIS2 Directive, enhancing cybersecurity measures and resilience across various sectors in Luxembourg.
30 requirements · Luxembourg

Public administration information management act

This law is designed to promote harmonization of information management, cyber security and digitalisation in public administration.
32 requirements · Finland

Sikkerhetsloven (Norge)

The Security Act (Sikkerhetsloven) is a Norwegian law designed to safeguard national security interests by preventing and counteracting security threats.
31 requirements · Norway

Säkerhetsskyddslagen (Sverige)

The Swedish Security Protection Act regulates security measures for activities of importance to Sweden's security, applying to both public and private sectors.
24 requirements · Sweden

The national cyber security bill 2024 (Ireland)

The National Cyber Security Bill 2024 transposes the EU's NIS2 Directive into Irish law, enhancing cybersecurity requirements and establishing the NCSC's role.
28 requirements · Ireland

TiHL: Suositus tietoturvan vähimmäisvaatimuksista

A recommendation by the Information Management Board (Tiedonhallintalautakunta) that gives guidance on meeting the minimum information security requirements set by the Information Management Act.
23 requirements · Finland

Tietoturvan ja tietosuojan omavalvontasuunnitelma

The self-monitoring plan supports Finnish social and health care service providers in planning data security and data protection.
17 requirements · Finland

Tietoturvasuunnitelma (THL 3/2024)

The information security plan (tietoturvasuunnitelma) describes the digital security practices of a social and health care service provider. It is based on the Client Data Act (asiakastietolaki) and replaces the self-monitoring plan.
18 requirements · Finland

Zakon o kibernetičkoj sigurnosti (Croatia)

The Cybersecurity Act (Zakon o kibernetičkoj sigurnosti NN 14/2024) is the Croatian implementation of NIS2 and came into effect in February 2024. It defines cybersecurity rules for Croatian companies with the same criteria as NIS2, with some exceptions.
27 requirements · Croatia

Εθνική αρχή για την ασφάλεια στον κυβερνοχώρο και άλλες διατάξεις (Ελλάδα)

Greece has implemented the European Union's NIS2 Directive with the aim of achieving a high level of cybersecurity through specific cybersecurity measures.
28 requirements · Greece

Ο Νόμος για την Κυβερνοασφάλεια (Κύπρος)

Cypriot Law 5160/2024 transposes the EU NIS2 Directive into national law, expanding cybersecurity requirements for essential and important entities and establishing the National Cybersecurity Authority (NCSA) for enforcement.
23 requirements · Cyprus

Закон за прилагане на NIS2 (България)

The Law for the Implementation of NIS2 in Bulgaria transposes the EU's NIS2 Directive into Bulgarian national law, enhancing cybersecurity standards and expanding the scope of affected entities.
27 requirements · Bulgaria

ISO 27017

ISO 27017 is a security standard developed especially for cloud service providers and users to create a safer cloud-based environment and reduce the risk of security incidents.
47 requirements · Global

ISO 27018

ISO 27018 is a security standard developed especially for cloud service providers to ensure risks are assessed and controls are implemented to protect personally identifiable information (PII).
42 requirements · Global

C2M2: MIL1

C2M2 helps organizations evaluate their cybersecurity capabilities using a set of industry-vetted practices focused on IT and OT assets and environments.

ISO 27701

Privacy extension to ISO 27001. Upgrades an existing ISMS with additional privacy requirements to establish a Privacy Information Management System (PIMS).
60 requirements · Global

ISO 27001 (2013): Full

Full, certification-level ISMS. Complete set of security controls along with management, auditing and risk evaluation aspects.
164 requirements · Global

NIST CSF 2.0

NIST CSF's new 2.0 edition is designed to help all organizations in any sector to achieve their cybersecurity goals with added emphasis on governance as well as supply chains.

NIST Cybersecurity Framework

The NIST Cybersecurity Framework is designed to help owners and operators of critical infrastructure to identify, assess and manage cyber risks.

SOC 2 (Systems and Organization Controls)

The SOC 2 framework specifies how organizations should protect customer data from e.g. unauthorized access, security incidents or other vulnerabilities. It is developed by the American Institute of Certified Public Accountants (AICPA).

TISAX: Information security

TISAX is an assessment and exchange mechanism for the information security of enterprises and allows recognition of assessment results among the participants.
89 requirements · Global

Digital Operational Resilience Act (DORA)

The Digital Operational Resilience Act (DORA) is the EU law on digital operational resilience. It aims to strengthen resilience in all aspects of financial institutions.

General Data Protection Regulation

GDPR sets out the requirements for lawful processing of personal data and demonstrating the adequate protection of data.

ISO 27001 (2022): Full

Full, certification-level ISMS. Complete set of security controls along with management, auditing and risk evaluation aspects.
131 requirements · Global

NIS2 Directive

NIS2 sets the baseline for cybersecurity risk management measures and reporting obligations across important industries covered by the directive.

CER Directive

The Critical Entities Resilience (CER) Directive is an EU law focused on strengthening the resilience of critical entities providing essential services across various sectors, ensuring they can withstand a range of threats and hazards.

CIS 18 controls

The CIS 18 Critical Security Controls are a comprehensive set of instructions and measures released by the Center for Internet Security. The controls are designed to fix and prevent common vulnerabilities and to offer organizations a structured way to strengthen their security.
171 requirements · Global

CRA (Cyber Resilience Act)

The Cyber Resilience Act is an EU regulation for improving cyber security and cyber resilience in the EU. It includes requirements for hardware and software products with digital elements.

DORA simplified RMF

The DORA RTS on simplified ICT risk management describes the key elements that financial entities subject to lower scale, risk, size and complexity need to have in place to manage risks.