Cybersecurity for the Banks & Credit Sector
Banks, credit institutions and financial intermediaries. 50-5000 employees.
Applicable Regulations
ACN Determination - NIS2 Security Measures
0 guidesDetermina ACN 38565/2025
Soggetti essenziali e importanti registrati presso ACN. Authority: ACN - Agenzia per la Cybersicurezza Nazionale.
ACPR IT Security Instructions for Financial Sector
0 guidesInstruction ACPR 2014-I-07
Etablissements de credit et d'assurance sous supervision ACPR. Authority: ACPR (Autorite de Controle Prudentiel et de Resolution).
AI Act
4 guidesEU Regulation 2024/1689
Regulation of artificial intelligence systems in the EU with a risk-based approach. Phased application: prohibited practices from Feb 2, 2025, GPAI obligations from Aug 2, 2025, high-risk systems from Aug 2, 2026
BaFin IT Requirements for Capital Management Companies
0 guidesKAIT (BaFin Rundschreiben 11/2019)
Kapitalverwaltungsgesellschaften (KVG). Authority: BaFin.
Banco de Portugal Notice 1/2021 - ICT Risk Management
0 guidesAviso BdP n. 1/2021
Instituicoes de credito e empresas de investimento. Authority: Banco de Portugal.
Bank of Greece IT Risk Management Framework
0 guidesBoG Governor Act 2577/2006 (as amended)
Pistotika idrymata kai epicheiriseis ependyseon. Authority: Trapeza tis Ellados (Bank of Greece).
Bank of Lithuania Resolution on ICT Management Requirements
0 guidesLB Nutarimas Nr. 03-18 (2020)
Kredito istaigas, draudimo imones, mokejimo istaigas. Authority: Lietuvos bankas (Bank of Lithuania).
Bank of Slovenia Decision on Information Security Management
0 guidesSklep BS (Ur. l. RS 73/2018)
Kreditne institucije in poddruznice tujih bank. Authority: Banka Slovenije.
Bank of Spain Circular 2/2023 on Technology Risk Supervision
0 guidesCircular 2/2023 BdE
Entidades de credito y proveedores de servicios de pago. Authority: Banco de Espana.
Bankaufsichtliche Anforderungen an die IT
0 guidesBAIT
Banks and financial service providers. Authority: BaFin.
Bankitalia 285 - Disposizioni di Vigilanza Banche (Titolo IV)
2 guidesBANKITALIA285
National cybersecurity and compliance obligations for organizations within the scope of this regulation.
Bankwesengesetz - IT security provisions
0 guidesBWG
Banks, credit institutions. Authority: FMA / OeNB.
BNR Norm 4/2018 on IT Operational Risk Management
0 guidesNorma BNR nr. 4/2018
Institutii de credit si institutii financiare. Authority: Banca Nationala a Romaniei (BNR).
CBI Cross-Industry Guidance on IT and Cybersecurity Risks
0 guidesCBICROSS
Financial services firms regulated by CBI. Authority: CBI.
CBI Operational Resilience Guidelines
0 guidesCBIOPRES
Banks, insurance companies, investment firms. Authority: CBI.
Critical Infrastructure Act
0 guidesNN 56/2013
Operatori kljucnih infrastruktura. Authority: Ministarstvo unutarnjih poslova.
Critical Infrastructure Act
0 guidesZKI (Ur. l. RS 75/2017)
Operatorji kljucne infrastrukture. Authority: Ministrstvo za obrambo.
CSIRT KNF - Financial Sector CSIRT
0 guidesCSIRTKNF
Financial sector entities. Authority: KNF.
CSSF Circulars on IT outsourcing and cybersecurity (17/654, 22/806)
0 guidesCSSFCIRC
Financial sector entities. Authority: CSSF.
Danish FSA IT Security Requirements for Financial Sector
0 guidesBEK nr. 1580 af 17/12/2019
Pengeinstitutter, forsikringsselskaber og vaerdipapirhandlere. Authority: Finanstilsynet.
DNB Good Practice Information Security
0 guidesDNB Guidance 2019
Financiele instellingen onder toezicht van DNB. Authority: De Nederlandsche Bank (DNB).
DORA
3 guidesEU Regulation 2022/2554
Digital operational resilience for the financial sector
EFSA Guidelines on IT Risk Management for Financial Sector
0 guidesFinantsinspektsiooni soovituslik juhend (2020)
Krediidiasutused, kindlustusseltsid, investeerimisettevotted. Authority: Finantsinspektsioon (EFSA).
eIDAS
2 guidesEU Regulation 910/2014 + EU Regulation 2024/1183 (eIDAS 2.0)
Digital identity and qualified trust services (digital signature, certified email, time stamp)
FCMC Regulations on IT and Security Risk Management
0 guidesFKTK normativie noteikumi 233 (2020)
Kreditiestades, apdrosinasanas sabiedribas, ieguldijumu uznemumi. Authority: FKTK (Finansu un kapitala tirgus komisija) / Latvijas Banka.
FFFS 2014:5 Informationssaekerhet, it-verksamhet
0 guidesFFFS20145
Banks, securities companies, credit market companies. Authority: Finansinspektionen.
Finanssivalvonta Standards and Regulations on IT risk management
0 guidesFINFSASTANDARDS
Banks, insurance companies, pension funds, investment firms. Authority: Finanssivalvonta.
FMA IT Security Regulation for Financial Sector
0 guidesFMA-IT-SichV 2021
Kreditinstitute, Versicherungsunternehmen, Wertpapierfirmen. Authority: FMA (Finanzmarktaufsicht).
GDPR
4 guidesEU Regulation 2016/679
Personal data protection in the European Union
IKT-forskrift for finansforetak (IKT regulation for financial entities)
0 guidesIKT_FORSKRIFT
Banks, insurance, pension, securities firms. Authority: Finanstilsynet.
ISO 27001
2 guidesISO/IEC 27001:2022 - International standard
Information Security Management System (ISMS)
KNF Recommendation D - Management of IT and ICT Environment
0 guidesKNFREKOM
Banks, credit institutions. Authority: KNF.
KRITIS-Verordnung (BSI-KritisV)
0 guidesKRITISV
Critical infrastructure operators above threshold values. Authority: BSI.
Legislative Decree 138/2024 - NIS2 Transposition
0 guidesD.Lgs. 138/2024
Soggetti essenziali e importanti nei 18 settori NIS2 (50+ dipendenti o 10M+ fatturato). Authority: ACN - Agenzia per la Cybersicurezza Nazionale.
Ley 8/2011 de Proteccion de Infraestructuras Criticas
0 guidesLPIC
Critical infrastructure operators (12 strategic sectors). Authority: CNPIC / Ministerio del Interior.
Loi de Programmation Militaire (LPM 2024-2030) - Art. cyber OIV
0 guidesLPM
Operateurs d'Importance Vitale (OIV). Authority: ANSSI / SGDSN.
Loi du 1er juillet 2011 relative a la securite et la protection des infrastructures critiques
0 guidesLSRI
Critical infrastructure operators. Authority: Centre de crise national.
MFSA ICT Risk Management Requirements (Banking Rule BR/22)
0 guidesMFSA Banking Rule BR/22
Credit institutions, insurance undertakings, investment services licensees. Authority: MFSA (Malta Financial Services Authority).
MNB Recommendation on IT Security for Financial Institutions
0 guidesMNB Ajnlas 8/2020
Hitelintezetek, biztositok, penzugyi valalatok. Authority: Magyar Nemzeti Bank (MNB).
NBB Circular on ICT Security Expectations for Financial Institutions
0 guidesCirculaire NBB_2015_32
Etablissements de credit, entreprises d'assurance, institutions de paiement. Authority: Banque Nationale de Belgique (NBB/BNB).
NBS Measure 3/2018 on IT Risk Management
0 guidesOpatrenie NBS c. 3/2018
Banky, poistovne, investicne spolocnosti. Authority: Narodna banka Slovenska (NBS).
NIS2
4 guidesEU Directive 2022/2555 - Legislative Decree 138/2024
Network and information security for essential and important entities
Ordinance on Minimum Network and Information Security Requirements
0 guidesNaredba za MMIS (prieta s PMS 186/2019)
Operators of essential services and digital service providers. Authority: State Agency for Cybersecurity.
PCI-DSS
2 guidesPCI-DSS v4.0 (effective March 31, 2024)
Security standard for entities that handle, process, or transmit payment card data
PSNC - Perimetro Sicurezza Nazionale Cibernetica (D.L. 105/2019)
2 guidesPSNC
National cybersecurity and compliance obligations for organizations within the scope of this regulation.
Sakerhetsskyddslag (2018:585) - Security Protection Act
0 guidesSAKERHETSSKYDDSLAGEN
Entities handling classified information, security-sensitive activities. Authority: Saekerhetspolisen (SAPO).
Sikkerhetsloven (Security Act)
0 guidesSIKKHETSLOV
Entities handling classified info, critical infrastructure. Authority: NSM.
Discover Your Compliance Level for Banks & Credit
Check in just a few minutes which regulations apply to your banks & credit business and the priority actions to become compliant.
Start Free AssessmentAudit your website automatically
Scan your public website for GDPR cookie banner, accessibility (WCAG 2.1 AA), legal transparency and security headers — AI generates copy-pasteable fixes and a PDF report.
Discover the Website Compliance Audit