Cybersecurity for SMEs
The complete guide to cybersecurity compliance for small and medium enterprises. Discover which regulations apply to your business, the requirements to meet, the penalties involved and the compliance costs for your sector.
Cybersecurity Compliance by Sector
Banks & Credit
Banks, credit institutions and financial intermediaries
Discover regulationsInsurance
Insurance and reinsurance companies
Discover regulationsFinance & Investments
Asset management companies, investment firms and fintech
Discover regulationsEnergy
Electricity, gas and oil producers, distributors and suppliers
Discover regulationsTransport
Air, rail, maritime and road transport operators
Discover regulationsHealthcare
Hospitals, clinics, laboratories and healthcare providers
Discover regulationsManufacturing
Manufacturing industry, production and industrial automation
Discover regulationsDigital & IT
Software houses, system integrators, MSPs and tech companies
Discover regulationsTelecommunications
Telecom operators, ISPs and communication service providers
Discover regulationsPublic Administration
Municipalities, regions, ministries and public bodies
Discover regulationsRetail & Commerce
Large-scale distribution, e-commerce and retail chains
Discover regulationsFood & Agriculture
Food production, processing and distribution
Discover regulationsChemical & Pharmaceutical
Chemical, pharmaceutical and biotech industry
Discover regulationsWater & Utilities
Water management, sewage networks and environmental services
Discover regulationsTrust Services
Certification authorities, identity providers and trust service providers
Discover regulationsSpace & Aerospace
Space, satellite and aerospace industry
Discover regulationsPostal & Courier Services
Postal operators, express couriers and logistics
Discover regulationsProfessional Services
Law firms, consultancies, accountants and auditors
Discover regulationsDigital Infrastructure
Data centres, cloud providers, CDNs and IXPs
Discover regulationsOther Sectors
Companies in other sectors with basic cybersecurity obligations
Discover regulationsSupported Cybersecurity Regulations
ComplyDev covers the 13 main European regulations on cybersecurity, data protection and digital resilience.
GDPR
EU Regulation 2016/679
Personal data protection in the European Union
NIS2
DeadlineEU Directive 2022/2555 - Legislative Decree 138/2024
Network and information security for essential and important entities
DORA
DeadlineEU Regulation 2022/2554
Digital operational resilience for the financial sector
ISO 27001
ISO/IEC 27001:2022 - International standard
Information Security Management System (ISMS)
PCI-DSS
PCI-DSS v4.0 (effective March 31, 2024)
Security standard for entities that handle, process, or transmit payment card data
PSNC
Law 133/2019 - Decree-Law 105/2019
Protection of national critical infrastructure
Circolare 285
Circular No. 285 of December 17, 2013 (continuously updated)
Prudential supervisory provisions for banks (Title IV, Ch. 4-5)
IVASS 38
IVASS Regulation No. 38 of July 3, 2018
Corporate governance system for insurance undertakings
eIDAS
DeadlineEU Regulation 910/2014 + EU Regulation 2024/1183 (eIDAS 2.0)
Digital identity and qualified trust services (digital signature, certified email, time stamp)
CAD
Legislative Decree 82/2005 (and subsequent amendments)
Digitalization of Public Administration
AgID
AgID Circular No. 2/2017 + subsequent Guidelines
Minimum ICT security measures for Public Administrations
AI Act
DeadlineEU Regulation 2024/1689
Regulation of artificial intelligence systems in the EU with a risk-based approach. Phased application: prohibited practices from Feb 2, 2025, GPAI obligations from Aug 2, 2025, high-risk systems from Aug 2, 2026
Verify Your Company's Compliance
In just a few minutes, discover which regulations apply to your SME, your current compliance level and the priority actions to take.
Start Free Assessment