Киберсигурност МСП
Провери съответствие

Киберсигурност за МСП

Пълният наръчник за съответствие с киберсигурността за малки и средни предприятия. Разберете кои регулации се прилагат за вашия бизнес, изискванията за спазване, предвидените санкции и разходите за съответствие за вашия сектор.

Съответствие с киберсигурността по сектор

Банки и кредитиране

Банки, кредитни институции и финансови посредници

Открийте регулациите

Застраховане

Застрахователни и презастрахователни дружества

Открийте регулациите

Финанси и инвестиции

Управляващи дружества, инвестиционни посредници и финтех

Открийте регулациите

Енергетика

Производители, разпределители и доставчици на електричество, газ и нефт

Открийте регулациите

Транспорт

Въздушни, железопътни, морски и пътни транспортни оператори

Открийте регулациите

Здравеопазване

Болници, клиники, лаборатории и доставчици на здравни услуги

Открийте регулациите

Производство

Преработваща промишленост, производство и индустриална автоматизация

Открийте регулациите

Дигитални услуги и ИТ

Софтуерни фирми, системни интегратори, MSP и технологични компании

Открийте регулациите

Телекомуникации

Телекомуникационни оператори, ISP и доставчици на комуникационни услуги

Открийте регулациите

Публична администрация

Общини, региони, министерства и публични институции

Открийте регулациите

Търговия на дребно

Голяма дистрибуция, електронна търговия и вериги магазини

Открийте регулациите

Хранителна промишленост и земеделие

Производство, преработка и дистрибуция на храни

Открийте регулациите

Химия и фармация

Химическа, фармацевтична и биотехнологична промишленост

Открийте регулациите

Водоснабдяване и комунални услуги

Водоснабдителни дружества, канализационни мрежи и екологични услуги

Открийте регулациите

Удостоверителни услуги

Удостоверяващи органи, доставчици на идентичност и доставчици на удостоверителни услуги

Открийте регулациите

Космическа и авиационна индустрия

Космическа, сателитна и аерокосмическа индустрия

Открийте регулациите

Пощенски и куриерски услуги

Пощенски оператори, експресни куриери и логистика

Открийте регулациите

Професионални услуги

Адвокатски кантори, консултанти, счетоводители и одитори

Открийте регулациите

Цифрова инфраструктура

Центрове за данни, облачни доставчици, CDN и IXP

Открийте регулациите

Други сектори

Компании от други сектори с основни задължения за киберсигурност

Открийте регулациите

Поддържани регулации за киберсигурност

ComplyDev обхваща 13-те основни европейски регулации в областта на киберсигурността, защитата на данните и цифровата устойчивост.

2011. evi CXII. torveny az informacios onrendelkezesi jogrol (Info Act - GDPR adapted)

Краен срок

INFOTV

All organizations processing personal data. Authority: NAIH.

National penalties apply

2024. evi LXIX. torveny Magyarorszag kiberbiztonsigirol (Cybersecurity Act - NIS2 transposition)

Краен срок

KIBERT2024

Essential and important entities. Authority: SZTFH / NBSZ-NKI.

National penalties apply

ACN Determination - NIS2 Security Measures

Краен срок

Determina ACN 38565/2025

Soggetti essenziali e importanti registrati presso ACN. Authority: ACN - Agenzia per la Cybersicurezza Nazionale.

Sanzioni previste dal D.Lgs. 138/2024

ACPR IT Security Instructions for Financial Sector

Краен срок

Instruction ACPR 2014-I-07

Etablissements de credit et d'assurance sous supervision ACPR. Authority: ACPR (Autorite de Controle Prudentiel et de Resolution).

Disciplinary sanctions by ACPR

Act 181/2014 on Cyber Security (NIS1)

Краен срок

Zakon c. 181/2014 Sb.

Operators of essential services, critical information infrastructure. Authority: NUKIB.

Up to CZK 5,000,000

Act L of 2013 on Electronic Information Security of State and Local Government Bodies

Краен срок

2013. evi L. torveny

Allami es onkormanyzati szervek, kozfeladatot ellato szervek. Authority: SZTFH (previously SZSZ / NISZ).

Up to HUF 3,000,000

Act on Electronic Communications Services - Security Obligations

Краен срок

917/2014

Televiestintaverkkojen ja -palvelujen tarjoajat. Authority: Traficom.

Up to EUR 1,000,000

AGID - Misure Minime Sicurezza ICT PA (Circolare 2/2017)

Краен срок

AGID

Национални задължения за киберсигурност и съответствие за организациите, попадащи в обхвата на този регламент.

Прилагат се национални санкции

AI Act

Краен срок

Регламент ЕС 2024/1689 (AI Act)

Регламентът на ЕС за изкуствения интелект установява първата в света цялостна правна рамка за ИИ. Класифицира системите за ИИ по ниво на риск и определя изисквания за ИИ с висок риск, включително прозрачност, човешки надзор и надеждност.

До 35 млн. EUR или 7% от глобалния оборот за най-сериозните нарушения

Arrete Royal du 9 juin 2024 (NIS2 Royal Decree)

Краен срок

ARNIS2

Detailed measures for NIS2 implementation. Authority: CCB.

National penalties apply

Asmens duomenu teisinies apsaugos istatymas (Personal Data Protection Act)

Краен срок

ADAI

All organizations processing personal data. Authority: VDAI.

National penalties apply

BaFin IT Requirements for Capital Management Companies

Краен срок

KAIT (BaFin Rundschreiben 11/2019)

Kapitalverwaltungsgesellschaften (KVG). Authority: BaFin.

Regulatory measures by BaFin including license revocation

Banco de Portugal Notice 1/2021 - ICT Risk Management

Краен срок

Aviso BdP n. 1/2021

Instituicoes de credito e empresas de investimento. Authority: Banco de Portugal.

Regulatory sanctions by Banco de Portugal

Bank of Greece IT Risk Management Framework

Краен срок

BoG Governor Act 2577/2006 (as amended)

Pistotika idrymata kai epicheiriseis ependyseon. Authority: Trapeza tis Ellados (Bank of Greece).

Regulatory sanctions by Bank of Greece

Bank of Lithuania Resolution on ICT Management Requirements

Краен срок

LB Nutarimas Nr. 03-18 (2020)

Kredito istaigas, draudimo imones, mokejimo istaigas. Authority: Lietuvos bankas (Bank of Lithuania).

Regulatory sanctions by Bank of Lithuania

Bank of Slovenia Decision on Information Security Management

Краен срок

Sklep BS (Ur. l. RS 73/2018)

Kreditne institucije in poddruznice tujih bank. Authority: Banka Slovenije.

Regulatory sanctions by Bank of Slovenia

Bank of Spain Circular 2/2023 on Technology Risk Supervision

Краен срок

Circular 2/2023 BdE

Entidades de credito y proveedores de servicios de pago. Authority: Banco de Espana.

Regulatory sanctions by Banco de Espana

Bankaufsichtliche Anforderungen an die IT

Краен срок

BAIT

Banks and financial service providers. Authority: BaFin.

National penalties apply

Bankitalia 285 - Disposizioni di Vigilanza Banche (Titolo IV)

Краен срок

BANKITALIA285

Национални задължения за киберсигурност и съответствие за организациите, попадащи в обхвата на този регламент.

Прилагат се национални санкции

Bankwesengesetz - IT security provisions

Краен срок

BWG

Banks, credit institutions. Authority: FMA / OeNB.

National penalties apply

Baseline Informatiebeveiliging Overheid

Краен срок

BIO

All government entities (Rijksoverheid, municipalities, provinces, water boards). Authority: Ministerie van BZK.

National penalties apply

BNR Norm 4/2018 on IT Operational Risk Management

Краен срок

Norma BNR nr. 4/2018

Institutii de credit si institutii financiare. Authority: Banca Nationala a Romaniei (BNR).

Regulatory sanctions by BNR

BSI-Gesetz / NIS2-Umsetzungsgesetz (NIS2UmsuCG)

Краен срок

BSIG

Essential and important entities (~29,000 organizations across all NIS2 sectors). Authority: BSI.

National penalties apply

Bundesdatenschutzgesetz (Federal Data Protection Act)

Краен срок

BDSG

All organizations processing personal data in Germany. Authority: BfDI.

National penalties apply

CAA Circular on Insurance Sector IT Security

Краен срок

Circulaire CAA 20/10

Entreprises d'assurance et de reassurance. Authority: CAA (Commissariat aux Assurances).

Regulatory sanctions by CAA

CAD - Codice Amministrazione Digitale (D.Lgs. 82/2005)

Краен срок

CAD

Национални задължения за киберсигурност и съответствие за организациите, попадащи в обхвата на този регламент.

Прилагат се национални санкции

CBI Cross-Industry Guidance on IT and Cybersecurity Risks

Краен срок

CBICROSS

Financial services firms regulated by CBI. Authority: CBI.

National penalties apply

CBI Operational Resilience Guidelines

Краен срок

CBIOPRES

Banks, insurance companies, investment firms. Authority: CBI.

National penalties apply

CFCS regulations on cybersecurity in critical sectors

Краен срок

CFCSBEKENDTGOERELSE

Critical sector operators (energy, transport, health, etc.). Authority: CFCS.

National penalties apply

Critical Infrastructure Act

Краен срок

NN 56/2013

Operatori kljucnih infrastruktura. Authority: Ministarstvo unutarnjih poslova.

HRK 50,000 to 500,000

Critical Infrastructure Act

Краен срок

ZKI (Ur. l. RS 75/2017)

Operatorji kljucne infrastrukture. Authority: Ministrstvo za obrambo.

EUR 10,000 to 60,000

CSIRT KNF - Financial Sector CSIRT

Краен срок

CSIRTKNF

Financial sector entities. Authority: KNF.

National penalties apply

CSSF Circulars on IT outsourcing and cybersecurity (17/654, 22/806)

Краен срок

CSSFCIRC

Financial sector entities. Authority: CSSF.

National penalties apply

Cyber-Security-Gesetz (CSG - amended for NIS2 transposition)

Краен срок

CSG

Essential and important entities. Authority: Amt fuer Kommunikation.

National penalties apply

Cyberbeveiligingswet (Cybersecurity Act - NIS2 transposition)

Краен срок

CBW

~8,000 essential and important entities. Authority: NCSC-NL.

National penalties apply

CyberFundamentals Framework (CyFun)

Краен срок

CYBERFUN

Voluntary/recommended framework for NIS2 compliance proof. Authority: CCB.

National penalties apply

Cybersaekerhetslag (Proposition 2025/26:28 - NIS2 transposition)

Краен срок

CYBERLAG

Essential and important entities in 18 sectors. Authority: MSB / PTS / Sector supervisors.

National penalties apply

Danish FSA IT Security Requirements for Financial Sector

Краен срок

BEK nr. 1580 af 17/12/2019

Pengeinstitutter, forsikringsselskaber og vaerdipapirhandlere. Authority: Finanstilsynet.

Regulatory measures by Finanstilsynet

Data Protection Act (Cap. 586 - GDPR implementation)

Краен срок

DPACT

All organizations processing personal data. Authority: IDPC.

National penalties apply

Data Protection Act 2018 (GDPR implementation)

Краен срок

DPA2018

All organizations processing personal data. Authority: DPC.

National penalties apply

Databeskyttelsesloven (Lov nr. 502/2018 - GDPR implementation)

Краен срок

DATABESKYTTELSESLOVEN

All organizations processing personal data. Authority: Datatilsynet.

National penalties apply

Datenschutzgesetz (Data Protection Act - GDPR implementation)

Краен срок

DSG_LI

All organizations processing personal data. Authority: Datenschutzstelle.

National penalties apply

Datenschutzgesetz (Federal Data Protection Act)

Краен срок

DSG

All organizations processing personal data in Austria. Authority: DSB.

National penalties apply

Decreto-Lei 125/2025 - Regime Juridico da Ciberseguranca (NIS2 transposition)

Краен срок

DL125

Essential and important entities, public administration. Authority: CNCS.

National penalties apply

Decreto-Lei 65/2021 (original NIS transposition - replaced by DL125)

Краен срок

DL65

Operators of essential services. Authority: CNCS.

National penalties apply

DNB Good Practice Information Security

Краен срок

DNB Guidance 2019

Financiele instellingen onder toezicht van DNB. Authority: De Nederlandsche Bank (DNB).

DNB regulatory measures

DORA

Краен срок

Регламент ЕС 2022/2554

Законът за дигиталната оперативна устойчивост (DORA) укрепва дигиталната устойчивост на финансовия сектор на ЕС. Установява единна рамка за управление на ИКТ риска, тестване и докладване на инциденти за финансови субекти.

До 1% от средния дневен оборот за всеки ден на нарушение (за финансови субекти)

E-ITS Baseline Security Controls (national standard)

Краен срок

EITS

Public sector and regulated entities. Authority: RIA.

National penalties apply

EFSA Guidelines on IT Risk Management for Financial Sector

Краен срок

Finantsinspektsiooni soovituslik juhend (2020)

Krediidiasutused, kindlustusseltsid, investeerimisettevotted. Authority: Finantsinspektsioon (EFSA).

Regulatory sanctions by EFSA

eIDAS

Краен срок

Регламент ЕС 910/2014 (eIDAS)

Регламентът eIDAS (Електронна идентификация и доверителни услуги) създава правна рамка за електронна идентификация и доверителни услуги в ЕС. Обхваща електронни подписи, печати, времеви марки и удостоверяване на уебсайтове.

Варира според държавата-членка на ЕС; загуба на акредитация за квалифицирани доставчици

Elektronines informacijos saugos istatymas (Electronic Information Security Act)

Краен срок

EISI

State information resources. Authority: NKSC.

National penalties apply

Esquema Nacional de Seguridad - Real Decreto 311/2022

Краен срок

ENS

Public sector, public service providers, critical infrastructure. Authority: CCN / Ministerio de Asuntos Economicos.

National penalties apply

FCMC Regulations on IT and Security Risk Management

Краен срок

FKTK normativie noteikumi 233 (2020)

Kreditiestades, apdrosinasanas sabiedribas, ieguldijumu uznemumi. Authority: FKTK (Finansu un kapitala tirgus komisija) / Latvijas Banka.

Regulatory sanctions by Latvijas Banka

FFFS 2014:5 Informationssaekerhet, it-verksamhet

Краен срок

FFFS20145

Banks, securities companies, credit market companies. Authority: Finansinspektionen.

National penalties apply

Finanssivalvonta Standards and Regulations on IT risk management

Краен срок

FINFSASTANDARDS

Banks, insurance companies, pension funds, investment firms. Authority: Finanssivalvonta.

National penalties apply

Fizisko personu datu apstrades likums (Personal Data Processing Act - GDPR implementation)

Краен срок

FPDAL

All organizations processing personal data. Authority: DVI.

National penalties apply

FMA IT Security Regulation for Financial Sector

Краен срок

FMA-IT-SichV 2021

Kreditinstitute, Versicherungsunternehmen, Wertpapierfirmen. Authority: FMA (Finanzmarktaufsicht).

Regulatory measures by FMA

GDPR

Регламент ЕС 2016/679

Общият регламент за защита на данните (GDPR) установява правила за защита на физическите лица при обработката на лични данни. Прилага се за всички компании, обработващи данни на граждани на ЕС, независимо от местонахождението.

До 4% от глобалния годишен оборот или 20 млн. EUR (което е по-голямо)

General Security Policy for Health Information Systems

Краен срок

Art. L.1110-4-1 Code de la sante publique

Tous les acteurs du secteur sante manipulant des donnees de sante. Authority: ANS / Ministere de la Sante.

Sanctions by ARS or administrative authorities

Health Service Executive Data Protection and Cybersecurity Framework

Краен срок

Health Act 2004 (as amended), HSE Policy

Healthcare organisations in the public health system. Authority: HSE (Health Service Executive).

Compliance enforcement through HSE governance

Hebergement de Donnees de Sante (HDS Certification)

Краен срок

HDS

Organizations hosting health data. Authority: ANS / Ministere de la Sante.

National penalties apply

IKT-forskrift for finansforetak (IKT regulation for financial entities)

Краен срок

IKT_FORSKRIFT

Banks, insurance, pension, securities firms. Authority: Finanstilsynet.

National penalties apply

Informationssicherheitsgesetz (currently in preparation)

Краен срок

IBSG

Federal administration IT security. Authority: BKA.

National penalties apply

Isikuandmete kaitse seadus (Personal Data Protection Act)

Краен срок

IKSSEADUS

All organizations processing personal data. Authority: AKI.

National penalties apply

ISO 27001

ISO/IEC 27001:2022

ISO/IEC 27001 е международният стандарт за системи за управление на информационната сигурност (ISMS). Осигурява систематичен подход към управлението на чувствителна информация, гарантирайки нейната поверителност, цялостност и наличност.

Загуба на сертификация, договорни санкции, репутационни щети

IT-Sicherheitsgesetz 2.0

Краен срок

ITSIG2

KRITIS operators (energy, water, health, transport, finance, IT, telecoms, food, waste). Authority: BSI.

National penalties apply

Italian Data Protection Code (as amended by D.Lgs. 101/2018)

Краен срок

D.Lgs. 196/2003

Tutti i soggetti che trattano dati personali in Italia. Authority: Garante per la Protezione dei Dati Personali.

Fino a 20 milioni di euro o 4% del fatturato mondiale annuo

IVASS 38 - Regolamento Governance Sistema Informativo (Reg. 38/2018)

Краен срок

IVASS38

Национални задължения за киберсигурност и съответствие за организациите, попадащи в обхвата на този регламент.

Прилагат се национални санкции

Kibernetinio saugumo istatymas (Cybersecurity Act - amended for NIS2)

Краен срок

KSI

~2,000 cybersecurity entities in essential and important sectors. Authority: NKSC / KAM (Ministry of National Defence).

National penalties apply

KNF Recommendation D - Management of IT and ICT Environment

Краен срок

KNFREKOM

Banks, credit institutions. Authority: KNF.

National penalties apply

KRITIS-Verordnung (BSI-KritisV)

Краен срок

KRITISV

Critical infrastructure operators above threshold values. Authority: BSI.

National penalties apply

Kuberturvalisuse seadus (Cybersecurity Act - amended for NIS2)

Краен срок

KYBSEADUS

Essential and important entities + research institutions. Authority: RIA / CERT-EE.

National penalties apply

KYA 1689/2025 - National Cybersecurity Requirements Framework

Краен срок

KYA1689

Critical and important entities. Authority: NCSA.

National penalties apply

Kyberturvallisuuslaki (Cybersecurity Act - NIS2 transposition)

Краен срок

KYBERLAKI

Essential and important entities in 18 sectors. Authority: Traficom / Kyberturvallisuuskeskus + 6 sectoral supervisors.

National penalties apply

Lag med kompletterande bestammelser till EU:s dataskyddsfoerordning (2018:218)

Краен срок

PDLAG

All organizations processing personal data in Sweden. Authority: IMY.

National penalties apply

Laki julkisen hallinnon tiedonhallinnasta (906/2019 - Information Management Act)

Краен срок

JULKICTLAKI

Public administration entities. Authority: Digi- ja vaestotietovirasto.

National penalties apply

Legea 124/2025 (consolidation of NIS2 transposition)

Краен срок

LEGEA124

Essential and important entities. Authority: DNSC.

National penalties apply

Legea 190/2018 (GDPR implementation)

Краен срок

LEGEA190

All organizations processing personal data. Authority: ANSPDCP.

National penalties apply

Legea 362/2018 (original NIS transposition)

Краен срок

LEGEA362

Operators of essential services. Authority: CERT-RO.

National penalties apply

Legislative Decree 138/2024 - NIS2 Transposition

Краен срок

D.Lgs. 138/2024

Soggetti essenziali e importanti nei 18 settori NIS2 (50+ dipendenti o 10M+ fatturato). Authority: ACN - Agenzia per la Cybersicurezza Nazionale.

Fino a 10 milioni di euro o 2% del fatturato mondiale annuo

Lei 58/2019 (GDPR implementation)

Краен срок

LEI58

All organizations processing personal data. Authority: CNPD.

National penalties apply

Ley 8/2011 de Proteccion de Infraestructuras Criticas

Краен срок

LPIC

Critical infrastructure operators (12 strategic sectors). Authority: CNPIC / Ministerio del Interior.

National penalties apply

Ley de Coordinacion y Gobernanza de la Ciberseguridad (NIS2 transposition)

Краен срок

LCGC

Essential and important entities. Authority: Centro Nacional de Ciberseguridad.

National penalties apply

Ley Organica 3/2018 de Proteccion de Datos y Garantia de Derechos Digitales

Краен срок

LOPDGDD

All organizations processing personal data in Spain. Authority: AEPD.

National penalties apply

Log um netoryggi 78/2019 (Cyber-Security Act)

Краен срок

NETORYGGI

Critical infrastructure operators. Authority: Fjarskiptastofa / CERT-IS.

National penalties apply

Log um personuvernd 90/2018 (GDPR implementation)

Краен срок

PERSONUVERNDARLÖG

All organizations processing personal data. Authority: Personuvernd.

National penalties apply

Loi de Programmation Militaire (LPM 2024-2030) - Art. cyber OIV

Краен срок

LPM

Operateurs d'Importance Vitale (OIV). Authority: ANSSI / SGDSN.

National penalties apply

Loi du 1er aout 2018 portant organisation de la CNPD (GDPR implementation)

Краен срок

LPDP_LU

All organizations processing personal data. Authority: CNPD.

National penalties apply

Loi du 1er juillet 2011 relative a la securite et la protection des infrastructures critiques

Краен срок

LSRI

Critical infrastructure operators. Authority: Centre de crise national.

National penalties apply

Loi du 26 avril 2024 etablissant un cadre pour la cybersecurite des reseaux et des systemes d'information

Краен срок

LNIS2

Essential and important entities in 18 NIS2 sectors. Authority: CCB.

National penalties apply

Loi du 30 juillet 2018 relative a la protection des personnes physiques (GDPR implementation)

Краен срок

LPDP

All organizations processing personal data in Belgium. Authority: APD/GBA.

National penalties apply

Loi Informatique et Libertes (Loi n.78-17 modifiee)

Краен срок

LOIINFORMATIQUE

All organizations processing personal data in France. Authority: CNIL.

National penalties apply

Loi pour la Confiance dans l'Economie Numerique (Loi n.2004-575)

Краен срок

LCEN

Digital economy operators, e-commerce, ISPs. Authority: Gouvernement.

National penalties apply

Loi relative a la resilience des infrastructures critiques et au renforcement de la cybersecurite (NIS2 transposition)

Краен срок

LRICRC

Essential and important entities in 18 sectors. Authority: ANSSI.

National penalties apply

Lov om digital sikkerhet (Digital Security Act - based on NIS1 with NIS2 elements)

Краен срок

DIGSIKHETSLOV

Essential service providers, digital infrastructure. Authority: NSM + sector regulators.

National penalties apply

Malta Digital Innovation Authority Act (Cap. 591)

Краен срок

MDIA

Technology arrangements and innovative technology services. Authority: MDIA.

National penalties apply

MFSA ICT Risk Management Requirements for Financial Sector

Краен срок

MFSA Banking Rule BR/22

Credit institutions, insurance undertakings, investment services licensees. Authority: MFSA (Malta Financial Services Authority).

Regulatory sanctions by MFSA

Ministru kabineta noteikumi Nr. 397 - Minimalas kiberdrosibas prasibas

Краен срок

MK397

Regulated entities under NKDL. Authority: National Cybersecurity Centre.

National penalties apply

MNB Recommendation on IT Security for Financial Institutions

Краен срок

MNB Ajnlas 8/2020

Hitelintezetek, biztositok, penzugyi valalatok. Authority: Magyar Nemzeti Bank (MNB).

Regulatory sanctions by MNB

Nacionalas kiberdrosibas likums (National Cybersecurity Law - NIS2 transposition)

Краен срок

NKDL

Essential and important entities. Authority: National Cybersecurity Centre / CERT.LV.

National penalties apply

Naredba za minimalnite iziskvaniya za mrezhova i informacionna sigurnost

Краен срок

Naredba za MMIS (prieta s PMS 186/2019)

Operators of essential services and digital service providers. Authority: State Agency for Cybersecurity.

BGN 5,000 to BGN 25,000 for first offence

National Cyber Security Bill 2024 (NIS2 transposition)

Краен срок

NCSB

Essential and important entities. Authority: NCSC.

National penalties apply

NBB Circular on ICT Security Expectations for Financial Institutions

Краен срок

Circulaire NBB_2015_32

Etablissements de credit, entreprises d'assurance, institutions de paiement. Authority: Banque Nationale de Belgique (NBB/BNB).

Regulatory sanctions by NBB

NBS Measure 3/2018 on IT Risk Management

Краен срок

Opatrenie NBS c. 3/2018

Banky, poistovne, investicne spolocnosti. Authority: Narodna banka Slovenska (NBS).

Regulatory sanctions by NBS

Network and Information Systems Security (Amendment) Law of 2025 (NIS2 transposition)

Краен срок

NIS2CY

Essential and important entities. Authority: DSA.

National penalties apply

Netz- und Informationssystemsicherheitsgesetz 2026 (NISG 2026 - NIS2 transposition)

Краен срок

NISG2026

~4,000 essential and important entities. Authority: NIS Buero / BMI.

National penalties apply

NIS2

Краен срок

Директива ЕС 2022/2555

Директивата NIS2 разширява и укрепва изискванията за киберсигурност в целия ЕС. Създава хармонизирана рамка за мерки за сигурност и докладване на инциденти за съществени и важни субекти.

До 10 млн. EUR или 2% от глобалния оборот за съществени субекти

NIS2-lov / Lov om foranstaltninger til sikring af et hojt faelles cybersikkerhedsniveau

Краен срок

NISDK

~6,000 essential and important entities. Authority: CFCS + Styrelsen for Samfundssikkerhed.

National penalties apply

Nomos 4624/2019 (GDPR implementation)

Краен срок

N4624

All organizations processing personal data. Authority: HDPA.

National penalties apply

Nomos 5160/2024 (NIS2 transposition - Law 5160/2024)

Краен срок

N5160

Essential and important entities. Authority: NCSA (Ethniki Archi Kybernoasfaleias).

National penalties apply

Ordonanta de Urgenta 155/2024 (NIS2 transposition)

Краен срок

OUG155

Essential and important entities. Authority: DNSC.

National penalties apply

Patient Data Act - Security Provisions

Краен срок

SFS 2008:355

Vardgivare som behandlar patientdata. Authority: Socialstyrelsen / IMY.

Regulatory sanctions by IVO and IMY

PCI-DSS

PCI DSS v4.0

Стандартът за сигурност на данните в индустрията за платежни карти (PCI DSS) е набор от стандарти за сигурност за защита на данни на платежни карти. Прилага се за всички субекти, обработващи, предаващи или съхраняващи данни на притежатели на карти.

От 5 000 до 100 000 USD/месец за нарушение, възможна загуба на способността за приемане на плащания

Personopplysningsloven (Personal Data Act - GDPR implementation)

Краен срок

PERSONOPPLYSNINGSLOVEN

All organizations processing personal data. Authority: Datatilsynet.

National penalties apply

Processing of Personal Data (Protection of the Individual) Law 2018

Краен срок

GDPRCY

All organizations processing personal data. Authority: Commissioner for Personal Data Protection.

National penalties apply

Projet de loi 8364 - Mesures pour un niveau eleve de cybersecurite (NIS2 transposition)

Краен срок

PL8364

~6,000-8,000 essential and important entities. Authority: ILR (most sectors) / CSSF (financial).

National penalties apply

PSNC - Perimetro Sicurezza Nazionale Cibernetica (D.L. 105/2019)

Краен срок

PSNC

Национални задължения за киберсигурност и съответствие за организациите, попадащи в обхвата на този регламент.

Прилагат се национални санкции

Real Decreto 1720/2007 (Reglamento LOPD)

Краен срок

RDLOPD

All data controllers and processors. Authority: AEPD.

National penalties apply

Regime Juridico da Seguranca do Ciberespaco (Lei 46/2018)

Краен срок

RJSE

Foundation cybersecurity law. Authority: CNCS.

National penalties apply

Regulation on National Interoperability Framework (KRI)

Краен срок

Rozp. RM z dnia 12 kwietnia 2012 r.

Podmioty realizujace zadania publiczne. Authority: Ministerstwo Cyfryzacji.

Administrative sanctions

S.L. 460.41 - Measures for a High Common Level of Cybersecurity (LN 71/2025 - NIS2 transposition)

Краен срок

SL46041

Essential and important entities. Authority: CIPD.

National penalties apply

Sakerhetsskyddslag (2018:585) - Security Protection Act

Краен срок

SAKERHETSSKYDDSLAGEN

Entities handling classified information, security-sensitive activities. Authority: Saekerhetspolisen (SAPO).

National penalties apply

SecNumCloud - Referentiel de qualification ANSSI

Краен срок

SECNUMCLOUD

Cloud service providers handling sensitive/government data. Authority: ANSSI.

National penalties apply

Sikkerhetsloven (Security Act)

Краен срок

SIKKHETSLOV

Entities handling classified info, critical infrastructure. Authority: NSM.

National penalties apply

Telecommunications Act - Security Provisions

Краен срок

Lov nr. 169 af 3/3/2011 (som aendret)

Udbydere af elektroniske kommunikationsnet og -tjenester. Authority: Erhvervsstyrelsen.

Fines per Danish penal code

Telecommunications Act 2021 - Security Provisions

Краен срок

TKG 2021 §§90-93

Anbieter oeffentlicher Kommunikationsnetze und -dienste. Authority: RTR-GmbH.

Up to EUR 50,000

Telecommunications Modernisation Act - IT Security Obligations

Краен срок

TKG 2021 §§165-169

Telekommunikationsanbieter und Betreiber oeffentlicher Telekommunikationsnetze. Authority: BNetzA / BSI.

Up to EUR 500,000

Tietosuojalaki 1050/2018 (Data Protection Act)

Краен срок

TSL

All organizations processing personal data in Finland. Authority: Tietosuojavaltuutettu.

National penalties apply

Uitvoeringswet AVG (GDPR Implementation Act)

Краен срок

UAVG

All organizations processing personal data in Netherlands. Authority: Autoriteit Persoonsgegevens.

National penalties apply

Uredba o kibernetickoj sigurnosti (NN 135/2024 - Implementing regulation)

Краен срок

UOKBS

Detailed measures, audit requirements. Authority: SOA.

National penalties apply

Ustawa o Krajowym Systemie Cyberbezpieczenstwa (nowelizacja - NIS2 transposition)

Краен срок

UKSC

Essential and important entities. Authority: Ministerstwo Cyfryzacji / CSIRT NASK / CSIRT GOV / CSIRT MON.

National penalties apply

Ustawa o ochronie danych osobowych (GDPR implementation)

Краен срок

UODO_ACT

All organizations processing personal data. Authority: UODO.

National penalties apply

Versicherungsaufsichtliche Anforderungen an die IT

Краен срок

VAIT

Insurance companies. Authority: BaFin.

National penalties apply

Vyhlaska NBU o kybernetickej bezpecnosti (NBU Cybersecurity Decree)

Краен срок

VYHKB_SK

Regulated entities. Authority: NBU.

National penalties apply

Vyhlaska o kyberneticke bezpecnosti (NUKIB Decree on cybersecurity measures)

Краен срок

VYHLKB

Regulated entities under ZOKB. Authority: NUKIB.

National penalties apply

Wet beveiliging netwerk- en informatiesystemen (current, until CBW)

Краен срок

WBNI

Vital service providers and digital service providers. Authority: NCSC-NL.

National penalties apply

Wet op de geneeskundige behandelingsovereenkomst + NEN 7510

Краен срок

WGS

Healthcare organizations, health data processors. Authority: Dutch Healthcare Authority.

National penalties apply

Zakon c. 18/2018 Z.z. o ochrane osobnych udajov (GDPR implementation)

Краен срок

ZOOU_SK

All organizations processing personal data. Authority: UOOU SK.

National penalties apply

Zakon c. 69/2018 Z.z. o kybernetickej bezpecnosti (amended for NIS2)

Краен срок

ZOKB_SK

~3,403 essential and important entities. Authority: NBU.

National penalties apply

Zakon o informacijski varnosti (ZInfV-1 - NIS2 transposition)

Краен срок

ZINFV1

Essential and important entities. Authority: URSIV / SI-CERT.

National penalties apply

Zakon o kibernetickoj sigurnosti (NN 14/2024 - NIS2 transposition)

Краен срок

ZOKBS

8,000-10,000 essential and important entities. Authority: SOA / CERT.hr / CIPD.

National penalties apply

Zakon o kyberneticke bezpecnosti c. 264/2025 Sb. (NIS2 transposition)

Краен срок

ZOKB

Essential and important entities in 15 sectors (50+ employees or 10M+ EUR turnover). Authority: NUKIB.

National penalties apply

Zakon o ochrane osobnich udaju (GDPR implementation)

Краен срок

ZOOU

All organizations processing personal data. Authority: UOOU.

National penalties apply

Zakon o provedbi Opce uredbe o zastiti podataka (GDPR implementation)

Краен срок

ZOZOP

All organizations processing personal data. Authority: AZOP.

National penalties apply

Zakon o varstvu osebnih podatkov (ZVOP-2 - GDPR implementation)

Краен срок

ZVOP2

All organizations processing personal data. Authority: IP.

National penalties apply

Zakon za kibersigurnostta (Cybersecurity Act - amended for NIS2)

Краен срок

ZOKBS_BG

18 sectors, essential and important entities. Authority: State Agency for Cybersecurity.

National penalties apply

Zakon za zashtita na lichnite danni (Personal Data Protection Act)

Краен срок

ZZLD

All organizations processing personal data. Authority: KZLD.

National penalties apply

Проверете съответствието на вашата компания

За няколко минути разберете кои регулации се прилагат за вашето МСП, текущото ви ниво на съответствие и приоритетните действия.

Започни безплатна оценка