Cybersecurity SME
Check Compliance

Cybersecurity for the Banks & Credit Sector

Banks, credit institutions and financial intermediaries. 50-5000 employees.

Applicable Regulations

GDPR

19 guides

EU Regulation 2016/679

Personal data protection in the European Union

Penalties: Up to €20M or 4% of annual global turnover
Authority: Data Protection Authority (Garante per la Protezione dei Dati Personali)
Explore guides

NIS2

19 guides

EU Directive 2022/2555 - Legislative Decree 138/2024

Network and information security for essential and important entities

Penalties: Up to €10M or 2% of annual turnover
Authority: ACN - National Cybersecurity Agency
Deadline: October 17, 2024
Explore guides

DORA

18 guides

EU Regulation 2022/2554

Digital operational resilience for the financial sector

Penalties: Up to €10M or 5% of annual turnover
Authority: EBA, ESMA, EIOPA (ESAs) - Bank of Italy in Italy
Deadline: January 17, 2025
Explore guides

ISO 27001

17 guides

ISO/IEC 27001:2022 - International standard

Information Security Management System (ISMS)

Penalties: N/A (voluntary standard)
Authority: Accredited certification bodies (Accredia in Italy)
Explore guides

PCI-DSS

17 guides

PCI-DSS v4.0 (effective March 31, 2024)

Security standard for entities that handle, process, or transmit payment card data

Penalties: Fines from card networks (Visa, Mastercard) up to $500K/month + revocation
Authority: PCI Security Standards Council
Explore guides

PSNC

16 guides

Law 133/2019 - Decree-Law 105/2019

Protection of national critical infrastructure

Penalties: Criminal and administrative penalties up to €150K
Authority: ACN - National Cybersecurity Agency
Explore guides

Circolare 285

16 guides

Circular No. 285 of December 17, 2013 (continuously updated)

Prudential supervisory provisions for banks (Title IV, Ch. 4-5)

Penalties: Administrative penalties + formal reprimands from Bank of Italy
Authority: Bank of Italy
Explore guides

IVASS 38

16 guides

IVASS Regulation No. 38 of July 3, 2018

Corporate governance system for insurance undertakings

Penalties: Administrative penalties from IVASS
Authority: IVASS - Institute for the Supervision of Insurance
Explore guides

eIDAS

16 guides

EU Regulation 910/2014 + EU Regulation 2024/1183 (eIDAS 2.0)

Digital identity and qualified trust services (digital signature, certified email, time stamp)

Penalties: Up to €5M or 2% of annual turnover
Authority: AgID - Agency for Digital Italy
Deadline: May 20, 2026
Explore guides

CAD

16 guides

Legislative Decree 82/2005 (and subsequent amendments)

Digitalization of Public Administration

Penalties: Managerial liability + administrative penalties
Authority: AgID - Agency for Digital Italy
Explore guides

AgID

16 guides

AgID Circular No. 2/2017 + subsequent Guidelines

Minimum ICT security measures for Public Administrations

Penalties: Managerial liability + administrative penalties
Authority: AgID - Agency for Digital Italy
Explore guides

AI Act

20 guides

EU Regulation 2024/1689

Regulation of artificial intelligence systems in the EU with a risk-based approach. Phased application: prohibited practices from Feb 2, 2025, GPAI obligations from Aug 2, 2025, high-risk systems from Aug 2, 2026

Penalties: Up to €35M or 7% of turnover (prohibited practices); €15M or 3% (other obligations); €7.5M or 1% (inaccurate information). SMEs: proportionate caps
Authority: AI Office (EU Commission) + AgID (Italy)
Deadline: August 2, 2026
Explore guides

Discover Your Compliance Level for Banks & Credit

Check in just a few minutes which regulations apply to your banks & credit business and the priority actions to become compliant.

Start Free Assessment