Skip to main content

Regulations & Compliance

Navigate regulatory requirements for software migration and modernization. Understand compliance obligations for GDPR, HIPAA, PCI DSS, and more.

GDPR

General Data Protection Regulation

European Union regulation on data protection and privacy for individuals within the EU and EEA

European Union
2018-05-25
privacydata-protectionpersonal-data+2
4 requirements

CCPA

California Consumer Privacy Act

California state statute enhancing privacy rights and consumer protection for residents of California

California, USA
2020-01-01
privacyconsumer-rightsdata-sale+1
3 requirements

HIPAA

Health Insurance Portability and Accountability Act

US legislation providing data privacy and security provisions for safeguarding medical information

United States
1996-08-21
healthcarephiprotected-health-information+1
4 requirements

PCI DSS

Payment Card Industry Data Security Standard

Information security standard for organizations that handle branded credit cards

Global
2004-12-15
paymentcredit-cardcardholder-data+1
5 requirements

SOX

Sarbanes-Oxley Act

US federal law mandating certain practices in financial record keeping and reporting for corporations

United States
2002-07-30
financial-reportinginternal-controlsaudit+1
4 requirements

EU AI Act

EU Artificial Intelligence Act

European Union regulation on artificial intelligence, establishing rules for AI systems based on risk levels

European Union
2024-08-01
artificial-intelligenceai-riskhigh-risk-ai+2
4 requirements

DORA

Digital Operational Resilience Act

EU regulation on digital operational resilience for the financial sector

European Union
2025-01-17
operational-resilienceict-riskincident-reporting+1
4 requirements

NIS2

Network and Information Security Directive 2

EU directive on cybersecurity measures across the Union

European Union
2024-10-17
cybersecuritycritical-infrastructureincident-reporting+1
4 requirements

FedRAMP

Federal Risk and Authorization Management Program

US government program providing standardized approach to security assessment for cloud products and services

United States
2011-12-08
cloud-securitygovernmentauthorization+1
4 requirements

LGPD

Lei Geral de Proteção de Dados

Brazil's General Data Protection Law regulating personal data processing

Brazil
2020-09-18
privacydata-protectionpersonal-data+1
4 requirements

PIPEDA

Personal Information Protection and Electronic Documents Act

Canadian federal privacy law for private-sector organizations

Canada
2000-04-13
privacyconsentpersonal-information+1
4 requirements

GLBA

Gramm-Leach-Bliley Act

US law requiring financial institutions to explain their information-sharing practices

United States
1999-11-12
financial-privacysafeguardspretexting+1
3 requirements

UK GDPR

United Kingdom General Data Protection Regulation

The UK's retained and amended version of the EU GDPR governing the processing of personal data of individuals in the United Kingdom.

United Kingdom
2021-01-01
uk-gdprdata-protectionprivacy+3
6 requirements4 standards

CCPA

California Consumer Privacy Act

California's landmark consumer privacy law giving residents rights to know, delete, and opt out of the sale of their personal information.

California
2020-01-01
ccpaconsumer-privacycalifornia+3
6 requirements3 standards

CPRA

California Privacy Rights Act

A 2020 ballot measure that expanded the CCPA, adding new consumer rights, sensitive data rules, and a dedicated California privacy regulator.

California
2023-01-01
cpracaliforniaprivacy+3
6 requirements3 standards

VCDPA

Virginia Consumer Data Protection Act

Virginia's comprehensive consumer privacy law granting residents data rights and imposing controller and processor obligations.

Virginia
2023-01-01
vcdpavirginiaprivacy+3
6 requirements2 standards

CPA

Colorado Privacy Act

Colorado's comprehensive consumer privacy law granting data rights and requiring recognition of universal opt-out mechanisms.

Colorado
2023-07-01
colorado-cpacoloradoprivacy+3
6 requirements2 standards

CTDPA

Connecticut Data Privacy Act

Connecticut's comprehensive consumer privacy law granting data rights and requiring opt-out preference signal recognition.

Connecticut
2023-07-01
ctdpaconnecticutprivacy+3
6 requirements2 standards

UCPA

Utah Consumer Privacy Act

Utah's comprehensive consumer privacy law granting limited data rights with a business-friendly, opt-out-based design.

Utah
2023-12-31
ucpautahprivacy+3
6 requirements2 standards

TDPSA

Texas Data Privacy and Security Act

Texas's comprehensive consumer privacy law applying to most businesses regardless of revenue, with broad data rights and opt-out signals.

Texas
2024-07-01
tdpsatexasprivacy+3
6 requirements2 standards

LGPD

Lei Geral de Proteção de Dados Pessoais

Brazil's general data protection law governing the processing of personal data, modeled closely on the EU GDPR.

Brazil
2020-09-18
lgpdbrazilprivacy+3
6 requirements3 standards

PIPEDA

Personal Information Protection and Electronic Documents Act

Canada's federal private-sector privacy law governing the collection, use, and disclosure of personal information in commercial activity.

Canada
2004-01-01
pipedacanadaprivacy+3
6 requirements2 standards

Quebec Law 25

Quebec Act to Modernize Legislative Provisions Respecting the Protection of Personal Information

Quebec's privacy reform law (formerly Bill 64) overhauling personal information protection in the public and private sectors.

Quebec
2022-09-22
quebec-law-25quebecbill-64+3
6 requirements2 standards

POPIA

Protection of Personal Information Act

South Africa's data protection law regulating the processing of personal information by public and private bodies.

South Africa
2021-07-01
popiasouth-africaprivacy+3
6 requirements2 standards

PDPA

Personal Data Protection Act 2012 (Singapore)

Singapore's data protection law governing the collection, use, and disclosure of personal data by private-sector organizations.

Singapore
2014-07-02
pdpa-singaporesingaporeprivacy+3
6 requirements2 standards

PDPA

Personal Data Protection Act B.E. 2562 (Thailand)

Thailand's comprehensive data protection law governing the collection, use, and disclosure of personal data, modeled on the GDPR.

Thailand
2022-06-01
pdpa-thailandthailandprivacy+3
6 requirements3 standards

APPI

Act on the Protection of Personal Information (Japan)

Japan's national data protection law governing how businesses handle personal information, overseen by the PPC.

Japan
2017-05-30
appijapanprivacy+3
6 requirements2 standards

PIPL

Personal Information Protection Law of the People's Republic of China

China's comprehensive personal information protection law governing processing of personal data with strict consent and cross-border rules.

China
2021-11-01
piplchinaprivacy+3
6 requirements2 standards

DPDP Act

Digital Personal Data Protection Act, 2023 (India)

India's first comprehensive data protection law governing the processing of digital personal data with consent at its core.

India
2023-08-11
dpdp-actindiaprivacy+3
6 requirements2 standards

Privacy Act

Privacy Act 1988 (Australia)

Australia's principal privacy law regulating handling of personal information through the Australian Privacy Principles.

Australia
1988-12-21
privacy-act-australiaaustraliaprivacy+3
6 requirements2 standards

KVKK

Law on the Protection of Personal Data No. 6698 (Turkey)

Turkey's data protection law regulating the processing of personal data, modeled on the EU Data Protection Directive.

Turkey
2016-04-07
kvkkturkeyprivacy+3
6 requirements2 standards

nFADP / nLPD

Federal Act on Data Protection (Switzerland)

Switzerland's revised federal data protection law modernizing privacy rules and aligning them more closely with the GDPR.

Switzerland
2023-09-01
nlpdnfadpswitzerland+3
6 requirements3 standards

PDPL

Personal Data Protection Law (Saudi Arabia)

Saudi Arabia's first comprehensive data protection law governing the processing of personal data, supervised by the SDAIA.

Saudi Arabia
2023-09-14
pdpl-saudisaudi-arabiaprivacy+3
6 requirements2 standards

UAE PDPL

Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE)

The United Arab Emirates' first federal data protection law governing the processing of personal data across the country.

United Arab Emirates
2022-01-02
uae-pdplunited-arab-emiratesprivacy+3
6 requirements2 standards

NDPA

Nigeria Data Protection Act 2023

Nigeria's comprehensive data protection law governing the processing of personal data and establishing a national data protection commission.

Nigeria
2023-06-12
ndpanigeriaprivacy+3
6 requirements2 standards

Kenya DPA

Data Protection Act 2019 (Kenya)

Kenya's comprehensive data protection law governing the processing of personal data and establishing the Office of the Data Protection Commissioner.

Kenya
2019-11-25
kenya-dpakenyaprivacy+3
6 requirements2 standards

NZ Privacy Act

Privacy Act 2020 (New Zealand)

New Zealand's principal privacy law regulating the handling of personal information through 13 Information Privacy Principles.

New Zealand
2020-12-01
nz-privacy-actnew-zealandprivacy+3
6 requirements2 standards

ePrivacy Directive

Directive 2002/58/EC on Privacy and Electronic Communications

The EU directive governing privacy in electronic communications, including cookies, traffic data, and marketing, often called the cookie law.

European Union
2002-07-31
eprivacy-directiveeuropean-unionprivacy+3
6 requirements3 standards

CIRCIA

Cyber Incident Reporting for Critical Infrastructure Act of 2022

US law requiring critical infrastructure entities to report covered cyber incidents and ransomware payments to CISA within defined deadlines.

United States
2022-03-15
circiaincident-reportingcritical-infrastructure+2
5 requirements3 standards

FISMA

Federal Information Security Modernization Act

US law requiring federal agencies and their contractors to secure information systems using risk-based controls and continuous oversight.

United States
2002-12-17
fismafederal-securitynist-rmf+2
6 requirements4 standards

CMMC

Cybersecurity Maturity Model Certification

US Department of Defense program requiring defense contractors to certify cybersecurity maturity to protect controlled unclassified information.

United States
2025-12-16
cmmcdefense-contractorscui+2
5 requirements3 standards

CRA

EU Cyber Resilience Act

EU regulation setting mandatory cybersecurity requirements for products with digital elements across their entire lifecycle.

European Union
2024-12-10
cyber-resilience-actcraproduct-security+2
6 requirements5 standards

Cyber Essentials

UK Cyber Essentials

UK government-backed certification scheme defining baseline technical controls to protect organizations against common cyber attacks.

United Kingdom
2014-06-05
cyber-essentialsukncsc+2
5 requirements3 standards

Essential Eight

Australian Cyber Security Centre Essential Eight

Australian government baseline of eight prioritized mitigation strategies to protect systems against common cyber threats.

Australia
2017-02-01
essential-eightaustraliaacsc+2
6 requirements4 standards

FedRAMP High

FedRAMP High Baseline

The FedRAMP authorization baseline for cloud services handling high-impact US federal data such as law enforcement and health records.

United States
2016-06-23
fedramp-highcloud-securityauthorization+2
5 requirements4 standards

SOX (Sarbanes-Oxley)

Sarbanes-Oxley Act of 2002

US law mandating accurate financial reporting and internal controls for public companies, with implications for IT and data integrity.

United States
2002-07-30
sarbanes-oxleyfinancial-reportinginternal-controls+2
6 requirements3 standards

PCI DSS 4.0

Payment Card Industry Data Security Standard v4.0

Global security standard for organizations that store, process, or transmit payment card data, mandated by the major card brands.

Global
2024-03-31
pci-dsspayment-cardscardholder-data+2
6 requirements5 standards

PSD2

Revised Payment Services Directive

EU directive regulating electronic payments, opening bank data to licensed third parties and mandating strong customer authentication.

European Union
2018-01-13
psd2open-bankingstrong-customer-authentication+2
5 requirements5 standards

MiFID II

Markets in Financial Instruments Directive II

EU framework regulating investment services and trading venues, with extensive transaction reporting, transparency, and record-keeping duties.

European Union
2018-01-03
mifid-iiinvestment-servicestransaction-reporting+2
6 requirements3 standards

Basel III

Basel III International Regulatory Framework for Banks

Global banking standards strengthening capital, leverage, and liquidity requirements to improve the resilience of the banking sector.

Global
2013-01-01
basel-iiibank-capitalliquidity+2
6 requirements3 standards

Dodd-Frank

Dodd-Frank Wall Street Reform and Consumer Protection Act

US law overhauling financial regulation after the 2008 crisis, covering systemic risk, derivatives, and consumer financial protection.

United States
2010-07-21
dodd-frankfinancial-reformsystemic-risk+2
5 requirements3 standards

FINRA

FINRA Rules

Rules of the US self-regulatory organization governing broker-dealers, covering conduct, supervision, recordkeeping, and communications.

United States
2007-07-30
finrabroker-dealersupervision+2
6 requirements3 standards

SEC Cyber Disclosure

SEC Cybersecurity Disclosure Rules

US SEC rules requiring public companies to disclose material cybersecurity incidents promptly and describe their risk-management governance.

United States
2023-12-18
sec-cyber-disclosurematerial-incident8-k+2
5 requirements4 standards

FFIEC

FFIEC Information Security Guidance

US interagency guidance and examination standards for information security and IT risk management at financial institutions.

United States
2016-09-09
ffiecfinancial-institutionsit-examination+2
5 requirements4 standards

EMIR

European Market Infrastructure Regulation

EU regulation on OTC derivatives, central counterparties, and trade repositories, mandating clearing, reporting, and risk mitigation.

European Union
2012-08-16
emirderivativescentral-clearing+2
5 requirements4 standards

Open Banking UK

UK Open Banking

UK framework requiring major banks to share account data and enable payments through standardized, secure APIs with customer consent.

United Kingdom
2018-01-13
open-bankingukapi-standards+2
5 requirements5 standards

HITECH

Health Information Technology for Economic and Clinical Health Act

US law that strengthened HIPAA, promoted electronic health records, and added breach notification and stronger enforcement for health data.

United States
2009-02-17
hitechehrbreach-notification+2
5 requirements4 standards

FERPA

Family Educational Rights and Privacy Act

US law protecting the privacy of student education records and giving students and parents rights over those records.

United States
1974-11-19
ferpastudent-recordseducation-privacy+2
5 requirements3 standards

COPPA

Children's Online Privacy Protection Act

US law governing the online collection of personal information from children under 13, requiring verifiable parental consent.

United States
2000-04-21
coppachildrens-privacyparental-consent+2
5 requirements3 standards

21 CFR Part 11

FDA 21 CFR Part 11 Electronic Records and Signatures

US FDA regulation setting requirements for trustworthy electronic records and electronic signatures in regulated life-sciences systems.

United States
1997-08-20
21-cfr-part-11electronic-recordselectronic-signatures+2
6 requirements3 standards

GDPR Transfers / SCCs

EU GDPR International Data Transfer Rules (Chapter V)

GDPR rules restricting transfers of personal data outside the EU/EEA unless an adequate safeguard such as SCCs or adequacy applies.

European Union
2021-09-27
data-transfersstandard-contractual-clausesadequacy+2
5 requirements4 standards

NYDFS Part 500

NYDFS Cybersecurity Regulation (23 NYCRR 500)

New York regulation requiring financial-services companies to maintain a risk-based cybersecurity program with specific safeguards.

United States
2017-03-01
nydfs23-nycrr-500financial-services+2
6 requirements4 standards

TISAX

Trusted Information Security Assessment Exchange

Automotive-industry information-security assessment and exchange mechanism based on the VDA ISA catalogue, used across the supply chain.

Global
2017-04-01
tisaxautomotiveinformation-security+2
5 requirements3 standards

FTC Safeguards Rule

FTC Safeguards Rule (Gramm-Leach-Bliley Act)

US FTC rule under GLBA requiring non-bank financial institutions to implement a comprehensive information security program for customer data.

United States
2023-06-09
safeguards-ruleglbafinancial-institutions+2
6 requirements4 standards

US AI Executive Order

Executive Order 14110 on Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence

US federal executive order directing agencies to set safety, security, and rights standards for AI development and deployment across government and industry.

United States
2023-10-30
aiexecutive-orderai-safety+2
4 requirements3 standards

Colorado AI Act

Colorado Artificial Intelligence Act

Colorado state law requiring developers and deployers of high-risk AI systems to prevent algorithmic discrimination in consequential decisions.

Colorado
2026-06-30
aialgorithmic-discriminationhigh-risk-ai+2
4 requirements3 standards

AILD

EU AI Liability Directive (Proposed)

Proposed EU directive easing the burden of proof for victims claiming damage caused by AI systems, complementing the EU AI Act.

European Union
2022-09-28
ai-liabilityaicivil-liability+2
3 requirements2 standards

China Generative AI Measures

Interim Measures for the Management of Generative Artificial Intelligence Services

Chinese regulation governing public-facing generative AI services, covering content safety, training data, and security review.

China
2023-08-15
generative-aichinacontent-moderation+2
4 requirements3 standards

AIDA

Artificial Intelligence and Data Act

Proposed Canadian federal law (part of Bill C-27) regulating high-impact AI systems for safety and non-discrimination.

Canada
2022-06-16
aicanadahigh-impact-ai+2
4 requirements3 standards

NYC Local Law 144

New York City Local Law 144 on Automated Employment Decision Tools

NYC law requiring bias audits and candidate notice for automated employment decision tools used in hiring and promotion.

New York City
2023-07-05
aedtbias-audithiring+2
4 requirements2 standards

ADA

Americans with Disabilities Act

US civil rights law prohibiting disability discrimination; increasingly applied to website and digital service accessibility.

United States
1992-07-26
accessibilitydisabilitycivil-rights+2
4 requirements2 standards

Section 508

Section 508 of the Rehabilitation Act

US federal law requiring electronic and information technology procured or used by federal agencies to be accessible to people with disabilities.

United States
2001-06-21
accessibilitysection-508federal-it+2
4 requirements2 standards

EAA

European Accessibility Act

EU directive requiring a wide range of products and digital services to meet common accessibility requirements across member states.

European Union
2025-06-28
accessibilityeudigital-services+2
4 requirements2 standards

EN 301 549

EN 301 549 Accessibility Requirements for ICT Products and Services

European harmonized standard specifying accessibility requirements for ICT, used to demonstrate compliance with EU accessibility law.

European Union
2014-02-01
accessibilityicten-301-549+2
4 requirements2 standards

AODA

Accessibility for Ontarians with Disabilities Act

Ontario law setting accessibility standards, including web accessibility, for public and private organizations in the province.

Ontario
2005-06-13
accessibilityontarioaoda+2
4 requirements2 standards

UK Equality Act

Equality Act 2010

UK law prohibiting discrimination that requires service providers to make reasonable adjustments, including for accessible digital services.

United Kingdom
2010-10-01
accessibilityukequality+2
4 requirements2 standards

Data Act

EU Data Act

EU regulation governing access to and sharing of data from connected products and related services, including cloud-switching rules.

European Union
2025-09-12
data-actiotdata-sharing+2
4 requirements3 standards

DGA

EU Data Governance Act

EU regulation establishing trusted mechanisms for data sharing, data intermediaries, and data altruism across sectors.

European Union
2023-09-24
data-governancedata-intermediariesdata-altruism+2
4 requirements3 standards

DSA

EU Digital Services Act

EU regulation setting content moderation, transparency, and accountability rules for online intermediaries and large platforms.

European Union
2024-02-17
dsacontent-moderationonline-platforms+2
4 requirements2 standards

DMA

EU Digital Markets Act

EU regulation imposing fairness and contestability obligations on large digital gatekeeper platforms providing core platform services.

European Union
2023-05-02
dmagatekeepersinteroperability+2
4 requirements2 standards

eIDAS / eIDAS 2

eIDAS Regulation (Electronic Identification and Trust Services), including eIDAS 2.0

EU framework for electronic identification, trust services, and the European Digital Identity Wallet.

European Union
2016-07-01
eidasdigital-identitytrust-services+2
4 requirements4 standards

CLOUD Act

Clarifying Lawful Overseas Use of Data Act

US law clarifying that providers must produce data they control regardless of storage location, and enabling cross-border data agreements.

United States
2018-03-23
cloud-actdata-accesscross-border-data+2
4 requirements2 standards

DPF

EU-US Data Privacy Framework

Transatlantic mechanism allowing lawful transfer of personal data from the EU to certified US organizations under an adequacy decision.

European Union
2023-07-10
data-privacy-frameworkdata-transferadequacy+2
4 requirements3 standards

Schrems II

Schrems II (CJEU Judgment in Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems)

Landmark CJEU ruling invalidating the EU-US Privacy Shield and tightening conditions for international transfers of personal data.

European Union
2020-07-16
schrems-iidata-transferscc+2
4 requirements3 standards

Delete Act

California Delete Act

California law creating a single mechanism for consumers to direct all registered data brokers to delete their personal information.

California
2024-01-01
data-brokerdeletionprivacy+2
4 requirements3 standards

Right to Repair

EU Right to Repair Directive

EU directive promoting repair of goods, including obligations to provide spare parts, repair information, and software support.

European Union
2024-07-30
right-to-repairspare-partssoftware-updates+2
4 requirements2 standards

WAD

EU Web Accessibility Directive

EU directive requiring public-sector websites and mobile apps to be accessible and to publish accessibility statements.

European Union
2016-12-22
accessibilitypublic-sectorwcag+2
4 requirements2 standards

ISO/IEC 42001

ISO/IEC 42001 Artificial Intelligence Management System

International management-system standard for governing the responsible development and use of artificial intelligence within organizations.

Global
2023-12-18
ai-management-systemai-governanceiso-42001+2
4 requirements4 standards

OCPA

Oregon Consumer Privacy Act

Oregon's comprehensive consumer privacy law granting residents rights over their personal data and imposing duties on businesses that process it.

Oregon
2024-07-01
privacyconsumer-rightsoregon+1
5 requirements2 standards

MCDPA

Montana Consumer Data Privacy Act

Montana's comprehensive privacy law giving residents data rights and requiring controllers to honor opt-outs and protect sensitive data.

Montana
2024-10-01
privacyconsumer-rightsmontana+1
5 requirements2 standards

ICDPA

Iowa Consumer Data Protection Act

Iowa's consumer privacy law giving residents access, deletion, and opt-out rights with comparatively limited controller obligations.

Iowa
2025-01-01
privacyconsumer-rightsiowa+1
5 requirements2 standards

DPDPA

Delaware Personal Data Privacy Act

Delaware's comprehensive privacy law granting residents broad data rights with low applicability thresholds and coverage of many nonprofits.

Delaware
2025-01-01
privacyconsumer-rightsdelaware+1
5 requirements2 standards

NJDPA

New Jersey Data Privacy Act

New Jersey's comprehensive privacy law giving residents data rights and requiring consent for sensitive data and certain processing of minors.

New Jersey
2025-01-15
privacyconsumer-rightsnew-jersey+1
5 requirements2 standards

TIPA

Tennessee Information Protection Act

Tennessee's comprehensive privacy law granting consumer data rights and offering an affirmative defense for documented privacy programs.

Tennessee
2025-07-01
privacyconsumer-rightstennessee+1
5 requirements3 standards

INCDPA

Indiana Consumer Data Protection Act

Indiana's comprehensive privacy law granting residents data rights, with one of the latest effective dates among state privacy statutes.

Indiana
2026-01-01
privacyconsumer-rightsindiana+1
5 requirements2 standards

FDBR

Florida Digital Bill of Rights

Florida's privacy law targeting large technology companies, with rights for consumers and rules on data sales, profiling, and children's data.

Florida
2024-07-01
privacyconsumer-rightsflorida+2
5 requirements2 standards

NDPA

Nebraska Data Privacy Act

Nebraska's comprehensive privacy law modeled on Texas, applying to most businesses except small businesses regardless of data volume.

Nebraska
2025-01-01
privacyconsumer-rightsnebraska+1
5 requirements2 standards

NHPA

New Hampshire Privacy Act

New Hampshire's comprehensive privacy law granting residents data rights with low applicability thresholds and rulemaking by the Department of Justice.

New Hampshire
2025-01-01
privacyconsumer-rightsnew-hampshire+1
5 requirements2 standards

KCDPA

Kentucky Consumer Data Protection Act

Kentucky's comprehensive privacy law modeled on Virginia, granting residents data rights and requiring consent for sensitive data.

Kentucky
2026-01-01
privacyconsumer-rightskentucky+1
5 requirements2 standards

MODPA

Maryland Online Data Privacy Act

Maryland's strict privacy law imposing strong data minimization limits and broad protections, especially for sensitive data and minors.

Maryland
2025-10-01
privacyconsumer-rightsmaryland+2
5 requirements2 standards

MCDPA-MN

Minnesota Consumer Data Privacy Act

Minnesota's comprehensive privacy law with novel rights including the right to question profiling decisions and to review a data inventory.

Minnesota
2025-07-31
privacyconsumer-rightsminnesota+2
5 requirements2 standards

RIDTPPA

Rhode Island Data Transparency and Privacy Protection Act

Rhode Island's comprehensive privacy law granting consumer data rights with distinctive third-party disclosure transparency requirements.

Rhode Island
2026-01-01
privacyconsumer-rightsrhode-island+2
5 requirements2 standards

BIPA

Illinois Biometric Information Privacy Act

Illinois law regulating the collection and handling of biometric identifiers such as fingerprints and facial geometry, with a private right of action.

Illinois
2008-10-03
biometricprivacyillinois+3
5 requirements2 standards

PIPA

Personal Information Protection Act (South Korea)

South Korea's comprehensive data protection law, one of the strictest globally, governing the processing of personal information by public and private entities.

South Korea
2011-09-30
privacysouth-koreadata-protection+2
5 requirements3 standards

PDPA

Argentina Personal Data Protection Act (Law 25.326)

Argentina's foundational data protection law, recognized as EU-adequate, governing processing of personal data and habeas data rights.

Argentina
2000-11-02
privacyargentinadata-protection+2
5 requirements3 standards

LFPDPPP

Federal Law on Protection of Personal Data Held by Private Parties (Mexico)

Mexico's federal privacy law governing how private-sector entities collect and process personal data, centered on the privacy notice and ARCO rights.

Mexico
2010-07-06
privacymexicodata-protection+2
5 requirements2 standards

Law 1581

Colombia General Data Protection Law (Law 1581 of 2012)

Colombia's general data protection law governing the processing of personal data, requiring database registration and authorization from data subjects.

Colombia
2012-10-18
privacycolombiadata-protection+2
5 requirements2 standards

Law 19.628

Chile Law 19.628 on the Protection of Private Life

Chile's data protection law on the processing of personal data, recently overhauled by Law 21.719 to align with modern GDPR-style standards.

Chile
1999-08-28
privacychiledata-protection+2
5 requirements3 standards

DPA 2012

Philippines Data Privacy Act of 2012 (Republic Act 10173)

The Philippines' comprehensive data privacy law protecting personal information in government and private systems, enforced by the National Privacy Commission.

Philippines
2012-09-08
privacyphilippinesdata-protection+2
5 requirements3 standards

PDP Law

Indonesia Personal Data Protection Law (Law No. 27 of 2022)

Indonesia's first comprehensive personal data protection law, modeled on the GDPR, governing data controllers and processors across all sectors.

Indonesia
2022-10-17
privacyindonesiadata-protection+2
5 requirements3 standards

PDPD

Vietnam Personal Data Protection Decree (Decree 13/2023/ND-CP)

Vietnam's foundational personal data protection regulation establishing consent, data subject rights, and cross-border transfer impact assessments.

Vietnam
2023-07-01
privacyvietnamdata-protection+2
5 requirements3 standards

PDPA

Malaysia Personal Data Protection Act 2010

Malaysia's data protection law regulating the processing of personal data in commercial transactions, recently amended to add breach notification and a DPO duty.

Malaysia
2013-11-15
privacymalaysiadata-protection+2
5 requirements3 standards

PPL

Israel Protection of Privacy Law, 5741-1981

Israel's foundational privacy law governing databases of personal information, recognized as EU-adequate and modernized by Amendment 13.

Israel
1981-04-08
privacyisraeldata-protection+2
5 requirements4 standards

PDPL

Egypt Personal Data Protection Law (Law No. 151 of 2020)

Egypt's first comprehensive data protection law governing electronic personal data, requiring licensing, consent, and a data protection officer.

Egypt
2020-10-15
privacyegyptdata-protection+2
5 requirements3 standards

DPA 2012

Ghana Data Protection Act, 2012 (Act 843)

Ghana's data protection law regulating the processing of personal data and requiring registration of data controllers with the Data Protection Commission.

Ghana
2012-10-16
privacyghanadata-protection+2
5 requirements3 standards

NERC CIP

NERC Critical Infrastructure Protection Standards

Mandatory cybersecurity standards protecting the North American bulk electric system from physical and cyber threats.

United States
2008-06-18
nerc-cipenergybulk-electric-system+3
6 requirements4 standards

TSA Pipeline

TSA Pipeline Security Directives

Mandatory U.S. cybersecurity directives requiring critical pipeline owners to protect IT and OT systems against cyber threats.

United States
2021-05-28
tsapipelineot-security+3
6 requirements4 standards

EU MDR

EU Medical Device Regulation (Regulation (EU) 2017/745)

EU regulation governing the safety, performance, and market access of medical devices, including software as a medical device.

European Union
2021-05-26
eu-mdrmedical-devicessamd+3
6 requirements4 standards

EU IVDR

EU In Vitro Diagnostic Medical Devices Regulation (Regulation (EU) 2017/746)

EU regulation governing in-vitro diagnostic medical devices and related software, raising risk classification and clinical evidence requirements.

European Union
2022-05-26
eu-ivdrin-vitro-diagnosticsdiagnostics+3
6 requirements4 standards

FDA 524B Cyber

FDA Premarket Cybersecurity Requirements for Medical Devices (Section 524B)

U.S. FDA requirements obliging makers of connected medical devices to address cybersecurity in premarket submissions, including SBOMs and update plans.

United States
2023-03-29
fdamedical-device-cybersecuritycyber-device+3
6 requirements5 standards

UNECE R155

UN Regulation No. 155 — Cyber Security and Cyber Security Management System

UN regulation requiring vehicle manufacturers to operate a cybersecurity management system and secure vehicles across their lifecycle for type approval.

Global
2021-01-22
unece-r155automotivevehicle-cybersecurity+3
6 requirements4 standards

UNECE R156

UN Regulation No. 156 — Software Update and Software Update Management System

UN regulation requiring vehicle manufacturers to operate a software update management system and safely deliver over-the-air and other vehicle software updates.

Global
2021-01-22
unece-r156automotivesoftware-updates+3
6 requirements4 standards

ISO/SAE 21434

ISO/SAE 21434 Road Vehicles — Cybersecurity Engineering (Regulatory Context)

International standard for automotive cybersecurity engineering, widely used as the technical basis for meeting UNECE R155 type-approval obligations.

Global
2021-08-31
iso-sae-21434automotivevehicle-cybersecurity+3
6 requirements4 standards

UK TSA 2021

UK Telecommunications (Security) Act 2021

UK law imposing strong security duties on public telecoms providers to protect networks and services against cyber and supply chain threats.

United Kingdom
2022-10-01
uk-telecoms-security-acttelecomsnetwork-security+3
6 requirements4 standards

EU Cybersecurity Act

EU Cybersecurity Act (Regulation (EU) 2019/881)

EU regulation strengthening ENISA's mandate and creating an EU-wide cybersecurity certification framework for ICT products, services, and processes.

European Union
2019-06-27
eu-cybersecurity-actenisacertification+3
6 requirements4 standards

IoT Cybersecurity Act

Internet of Things Cybersecurity Improvement Act of 2020

U.S. law requiring IoT devices bought by the federal government to meet NIST security standards, with vulnerability disclosure guidance.

United States
2020-12-04
iot-cybersecurity-actiotnist+3
6 requirements4 standards

EU CSRD

EU Corporate Sustainability Reporting Directive (Directive (EU) 2022/2464)

EU directive requiring large and listed companies to report standardized, audited sustainability information including environmental, social, and governance data.

European Union
2024-01-05
eu-csrdsustainability-reportingesrs+3
6 requirements3 standards

SEC Climate Disclosure

SEC Climate-Related Disclosure Rules

U.S. SEC rules requiring public companies to disclose material climate-related risks, governance, and certain emissions in registration statements and reports.

United States
2024-03-06
sec-climate-disclosureclimate-riskesg+3
6 requirements2 standards

UK OSA

UK Online Safety Act 2023

UK law imposing duties of care on online platforms to protect users, especially children, from illegal and harmful content.

United Kingdom
2023-10-26
uk-online-safety-actonline-safetycontent-moderation+3
6 requirements2 standards

EU Cyber Solidarity Act

EU Cyber Solidarity Act (Regulation (EU) 2025/38)

EU regulation strengthening collective detection, preparedness, and response to large-scale cyber incidents across the Union.

European Union
2025-02-04
eu-cyber-solidarity-actincident-responsecyber-resilience+3
6 requirements4 standards

CA AADC

California Age-Appropriate Design Code Act

California law requiring online services likely accessed by children to prioritize their privacy and safety by design and default.

California
2024-07-01
california-aadcchildrens-privacyprivacy-by-design+3
6 requirements4 standards

UK Children's Code

UK Age Appropriate Design Code (Children's Code)

UK statutory code requiring online services likely accessed by children to follow data protection standards that put children's best interests first.

United Kingdom
2021-09-02
uk-childrens-codechildrens-privacyprivacy-by-design+3
6 requirements4 standards

GLBA Safeguards Rule

FTC Safeguards Rule (Gramm-Leach-Bliley Act)

U.S. FTC rule requiring financial institutions to implement a documented information security program to protect customer data.

United States
2003-05-23
glba-safeguards-rulefinancial-datainformation-security-program+3
6 requirements4 standards

J-SOX

Japan Financial Instruments and Exchange Act — Internal Control Reporting (J-SOX)

Japanese internal control reporting requirements for listed companies over financial reporting, modeled on the U.S. Sarbanes-Oxley Act.

Japan
2008-04-01
jsoxinternal-controlsfinancial-reporting+3
6 requirements3 standards

SOCI Act

Australian Security of Critical Infrastructure Act 2018

Australian law imposing security, risk management, and incident reporting obligations on owners and operators of critical infrastructure assets.

Australia
2018-07-11
soci-actcritical-infrastructurerisk-management-program+3
6 requirements4 standards

Marco Civil

Brazilian Civil Rights Framework for the Internet (Marco Civil da Internet)

Brazilian law establishing principles, rights, and duties for internet use, including net neutrality, privacy, and intermediary liability rules.

Brazil
2014-06-23
marco-civilnet-neutralityinternet-rights+3
6 requirements3 standards

EU Machinery Regulation

EU Machinery Regulation (Regulation (EU) 2023/1230)

EU regulation setting health, safety, and cybersecurity requirements for machinery and related products, including digital and AI-enabled systems.

European Union
2027-01-20
eu-machinery-regulationmachinery-safetyindustrial-cybersecurity+3
6 requirements4 standards

HHS 405(d) HICP

HHS 405(d) Health Industry Cybersecurity Practices

U.S. HHS program providing voluntary, consensus-based cybersecurity practices to reduce threats across the healthcare and public health sector.

United States
2018-12-28
hhs-405dhealthcare-cybersecurityhicp+3
6 requirements4 standards

EU RED Cyber

EU Radio Equipment Directive Cybersecurity Delegated Regulation (EU) 2022/30

EU delegated regulation activating cybersecurity requirements for internet-connected radio equipment, protecting networks, privacy, and against fraud.

European Union
2025-08-01
eu-red-cybersecurityradio-equipmentiot+3
6 requirements4 standards