Laws

| Region | Law/Regulation | Description |
|---|---|---|
| UK | Data Protection Act 2018 (DPA 2018) | Implements the GDPR in UK law, governing the use of personal data. |
| UK | General Data Protection Regulation (GDPR) (UK version) | Post-Brexit, the UK GDPR works alongside the DPA 2018 to protect personal data and privacy. |
| UK | Network and Information Systems (NIS) Regulations 2018 | Implements the EU NIS Directive to improve cybersecurity resilience for essential services (e.g. energy, water, healthcare). |
| UK | Computer Misuse Act 1990 | Criminalizes unauthorized access to computers and systems, covering hacking and related cybercrimes. |
| UK | Telecommunications (Security) Act 2021 | Sets requirements for telecom providers to secure their networks and services, including supply chain security. |
| UK | Investigatory Powers Act 2016 (IPA) | Gives government agencies the authority to conduct surveillance, intercept communications, and collect data under certain conditions. |
| US | Health Insurance Portability and Accountability Act (HIPAA) | Sets standards for securing sensitive health information (PHI) and regulating breaches. |
| US | Gramm-Leach-Bliley Act (GLBA) | Requires financial institutions to safeguard sensitive customer information. |
| US | Federal Information Security Modernization Act (FISMA) | Governs the security of federal government information systems. |
| US | Cybersecurity Information Sharing Act (CISA) 2015 | Facilitates information sharing between private companies and government agencies to improve cyber defenses. |
| US | Sarbanes-Oxley Act (SOX) 2002 | Imposes cybersecurity and information security requirements on the financial reporting systems of public companies. |
| US | California Consumer Privacy Act (CCPA) | Gives California residents rights over their personal data and imposes requirements on businesses that handle personal data. |
| US | New York SHIELD Act | Requires businesses that collect personal data on New York residents to implement data security measures. |
| EU | General Data Protection Regulation (GDPR) | The key EU regulation protecting personal data and privacy, affecting any business that handles EU citizens' data. |
| EU | Network and Information Security (NIS) Directive (NIS2) | Aims to improve cybersecurity across critical sectors in Europe by enforcing security measures for essential services and critical infrastructure. |
| EU | ePrivacy Directive (Directive 2002/58/EC) | Focuses on the privacy and security of communications, governing areas such as cookies, electronic marketing, and communication confidentiality. |
| EU | Cybersecurity Act 2019 | Introduced a framework for cybersecurity certification of ICT products, services, and processes in the EU, ensuring better protection for digital services and infrastructure. |
| EU | Digital Operational Resilience Act (DORA) | Targets financial institutions, ensuring that firms across the financial sector have adequate cybersecurity and resilience measures in place. |
| EU | Electronic Identification and Trust Services (eIDAS) Regulation | Sets standards for electronic identification and trust services for secure online transactions in the EU. |
