Cybersicherheit für KMU
Der vollständige Leitfaden zur Cybersicherheits-Compliance für kleine und mittlere Unternehmen. Erfahren Sie, welche Vorschriften für Ihr Unternehmen gelten, welche Anforderungen zu erfüllen sind, welche Strafen drohen und welche Compliance-Kosten in Ihrer Branche anfallen.
Cybersicherheits-Compliance nach Branche
Banken und Kredit
Banken, Kreditinstitute und Finanzintermediäre
Vorschriften entdeckenVersicherungen
Versicherungs- und Rückversicherungsunternehmen
Vorschriften entdeckenFinanzen und Investitionen
Vermögensverwalter, Wertpapierfirmen und Fintech
Vorschriften entdeckenEnergie
Erzeuger, Verteiler und Anbieter von Strom, Gas und Erdöl
Vorschriften entdeckenVerkehr und Transport
Luft-, Schienen-, See- und Straßenverkehrsbetreiber
Vorschriften entdeckenGesundheitswesen
Krankenhäuser, Kliniken, Labore und Gesundheitsdienstleister
Vorschriften entdeckenFertigung und Produktion
Fertigungsindustrie, Produktion und industrielle Automatisierung
Vorschriften entdeckenDigital und IT
Softwarehäuser, Systemintegratoren, MSPs und Technologieunternehmen
Vorschriften entdeckenTelekommunikation
Telekommunikationsbetreiber, ISPs und Kommunikationsanbieter
Vorschriften entdeckenÖffentliche Verwaltung
Gemeinden, Regionen, Ministerien und öffentliche Einrichtungen
Vorschriften entdeckenEinzelhandel und Handel
Großvertrieb, E-Commerce und Einzelhandelsketten
Vorschriften entdeckenLebensmittel und Landwirtschaft
Lebensmittelproduktion, -verarbeitung und -vertrieb
Vorschriften entdeckenChemie und Pharma
Chemische, pharmazeutische und biotechnologische Industrie
Vorschriften entdeckenWasser und Versorgung
Wasserversorger, Kanalnetze und Umweltdienste
Vorschriften entdeckenVertrauensdienste
Zertifizierungsstellen, Identitätsanbieter und Vertrauensdiensteanbieter
Vorschriften entdeckenRaumfahrt und Luftfahrt
Raumfahrt-, Satelliten- und Luftfahrtindustrie
Vorschriften entdeckenPost- und Kurierdienste
Postbetreiber, Expresskuriere und Logistik
Vorschriften entdeckenFreiberufliche Dienstleistungen
Anwaltskanzleien, Beratungen, Steuerberater und Wirtschaftsprüfer
Vorschriften entdeckenDigitale Infrastruktur
Rechenzentren, Cloud-Anbieter, CDNs und IXPs
Vorschriften entdeckenSonstige Branchen
Unternehmen anderer Branchen mit grundlegenden Cybersecurity-Pflichten
Vorschriften entdeckenUnterstützte Cybersicherheitsvorschriften
ComplyDev deckt die 13 wichtigsten europäischen Vorschriften zu Cybersicherheit, Datenschutz und digitaler Resilienz ab.
2011. evi CXII. torveny az informacios onrendelkezesi jogrol (Info Act - GDPR adapted)
FristINFOTV
All organizations processing personal data. Authority: NAIH.
2024. evi LXIX. torveny Magyarorszag kiberbiztonsigirol (Cybersecurity Act - NIS2 transposition)
FristKIBERT2024
Essential and important entities. Authority: SZTFH / NBSZ-NKI.
ACN Determination - NIS2 Security Measures
FristDetermina ACN 38565/2025
Soggetti essenziali e importanti registrati presso ACN. Authority: ACN - Agenzia per la Cybersicurezza Nazionale.
ACPR IT Security Instructions for Financial Sector
FristInstruction ACPR 2014-I-07
Etablissements de credit et d'assurance sous supervision ACPR. Authority: ACPR (Autorite de Controle Prudentiel et de Resolution).
Act 181/2014 on Cyber Security (NIS1)
FristZakon c. 181/2014 Sb.
Operators of essential services, critical information infrastructure. Authority: NUKIB.
Act L of 2013 on Electronic Information Security of State and Local Government Bodies
Frist2013. evi L. torveny
Allami es onkormanyzati szervek, kozfeladatot ellato szervek. Authority: SZTFH (previously SZSZ / NISZ).
Act on Electronic Communications Services - Security Obligations
Frist917/2014
Televiestintaverkkojen ja -palvelujen tarjoajat. Authority: Traficom.
AGID - Misure Minime Sicurezza ICT PA (Circolare 2/2017)
FristAGID
Nationale Cybersicherheits- und Compliance-Pflichten für Organisationen im Anwendungsbereich dieser Regelung.
AI Act
FristEU-Verordnung 2024/1689
Regulierung von KI-Systemen in der EU mit risikobasiertem Ansatz. Schrittweise Anwendung: verbotene Praktiken ab 2. Feb. 2025, GPAI-Pflichten ab 2. Aug. 2025, Hochrisiko-Systeme ab 2. Aug. 2026
Arrete Royal du 9 juin 2024 (NIS2 Royal Decree)
FristARNIS2
Detailed measures for NIS2 implementation. Authority: CCB.
Asmens duomenu teisinies apsaugos istatymas (Personal Data Protection Act)
FristADAI
All organizations processing personal data. Authority: VDAI.
Banco de Portugal Notice 1/2021 - ICT Risk Management
FristAviso BdP n. 1/2021
Instituicoes de credito e empresas de investimento. Authority: Banco de Portugal.
Bank of Greece IT Risk Management Framework
FristBoG Governor Act 2577/2006 (as amended)
Pistotika idrymata kai epicheiriseis ependyseon. Authority: Trapeza tis Ellados (Bank of Greece).
Bank of Lithuania Resolution on ICT Management Requirements
FristLB Nutarimas Nr. 03-18 (2020)
Kredito istaigas, draudimo imones, mokejimo istaigas. Authority: Lietuvos bankas (Bank of Lithuania).
Bank of Slovenia Decision on Information Security Management
FristSklep BS (Ur. l. RS 73/2018)
Kreditne institucije in poddruznice tujih bank. Authority: Banka Slovenije.
Bank of Spain Circular 2/2023 on Technology Risk Supervision
FristCircular 2/2023 BdE
Entidades de credito y proveedores de servicios de pago. Authority: Banco de Espana.
Bankaufsichtliche Anforderungen an die IT
FristBAIT
Banks and financial service providers. Authority: BaFin.
Bankitalia 285 - Disposizioni di Vigilanza Banche (Titolo IV)
FristBANKITALIA285
Nationale Cybersicherheits- und Compliance-Pflichten für Organisationen im Anwendungsbereich dieser Regelung.
Bankwesengesetz - IT security provisions
FristBWG
Banks, credit institutions. Authority: FMA / OeNB.
Baseline Informatiebeveiliging Overheid
FristBIO
All government entities (Rijksoverheid, municipalities, provinces, water boards). Authority: Ministerie van BZK.
BNR Norm 4/2018 on IT Operational Risk Management
FristNorma BNR nr. 4/2018
Institutii de credit si institutii financiare. Authority: Banca Nationala a Romaniei (BNR).
BSI-Gesetz / NIS2-Umsetzungsgesetz (NIS2UmsuCG)
FristBSIG
Essential and important entities (~29,000 organizations across all NIS2 sectors). Authority: BSI.
Bundesdatenschutzgesetz (Federal Data Protection Act)
FristBDSG
All organizations processing personal data in Germany. Authority: BfDI.
CAA Circular on Insurance Sector IT Security
FristCirculaire CAA 20/10
Entreprises d'assurance et de reassurance. Authority: CAA (Commissariat aux Assurances).
CAD - Codice Amministrazione Digitale (D.Lgs. 82/2005)
FristCAD
Nationale Cybersicherheits- und Compliance-Pflichten für Organisationen im Anwendungsbereich dieser Regelung.
CBI Cross-Industry Guidance on IT and Cybersecurity Risks
FristCBICROSS
Financial services firms regulated by CBI. Authority: CBI.
CBI Operational Resilience Guidelines
FristCBIOPRES
Banks, insurance companies, investment firms. Authority: CBI.
CFCS regulations on cybersecurity in critical sectors
FristCFCSBEKENDTGOERELSE
Critical sector operators (energy, transport, health, etc.). Authority: CFCS.
Critical Infrastructure Act
FristNN 56/2013
Operatori kljucnih infrastruktura. Authority: Ministarstvo unutarnjih poslova.
Critical Infrastructure Act
FristZKI (Ur. l. RS 75/2017)
Operatorji kljucne infrastrukture. Authority: Ministrstvo za obrambo.
CSIRT KNF - Financial Sector CSIRT
FristCSIRTKNF
Financial sector entities. Authority: KNF.
CSSF Circulars on IT outsourcing and cybersecurity (17/654, 22/806)
FristCSSFCIRC
Financial sector entities. Authority: CSSF.
Cyber-Security-Gesetz (CSG - amended for NIS2 transposition)
FristCSG
Essential and important entities. Authority: Amt fuer Kommunikation.
Cyberbeveiligingswet (Cybersecurity Act - NIS2 transposition)
FristCBW
~8,000 essential and important entities. Authority: NCSC-NL.
CyberFundamentals Framework (CyFun)
FristCYBERFUN
Voluntary/recommended framework for NIS2 compliance proof. Authority: CCB.
Cybersaekerhetslag (Proposition 2025/26:28 - NIS2 transposition)
FristCYBERLAG
Essential and important entities in 18 sectors. Authority: MSB / PTS / Sector supervisors.
Danish FSA IT Security Requirements for Financial Sector
FristBEK nr. 1580 af 17/12/2019
Pengeinstitutter, forsikringsselskaber og vaerdipapirhandlere. Authority: Finanstilsynet.
Data Protection Act (Cap. 586 - GDPR implementation)
FristDPACT
All organizations processing personal data. Authority: IDPC.
Data Protection Act 2018 (GDPR implementation)
FristDPA2018
All organizations processing personal data. Authority: DPC.
Databeskyttelsesloven (Lov nr. 502/2018 - GDPR implementation)
FristDATABESKYTTELSESLOVEN
All organizations processing personal data. Authority: Datatilsynet.
Datenschutzgesetz (Data Protection Act - GDPR implementation)
FristDSG_LI
All organizations processing personal data. Authority: Datenschutzstelle.
Datenschutzgesetz (Federal Data Protection Act)
FristDSG
All organizations processing personal data in Austria. Authority: DSB.
Decreto-Lei 125/2025 - Regime Juridico da Ciberseguranca (NIS2 transposition)
FristDL125
Essential and important entities, public administration. Authority: CNCS.
Decreto-Lei 65/2021 (original NIS transposition - replaced by DL125)
FristDL65
Operators of essential services. Authority: CNCS.
DNB Good Practice Information Security
FristDNB Guidance 2019
Financiele instellingen onder toezicht van DNB. Authority: De Nederlandsche Bank (DNB).
DORA
FristEU-Verordnung 2022/2554
Digitale operationelle Resilienz für den Finanzsektor
E-ITS Baseline Security Controls (national standard)
FristEITS
Public sector and regulated entities. Authority: RIA.
EFSA Guidelines on IT Risk Management for Financial Sector
FristFinantsinspektsiooni soovituslik juhend (2020)
Krediidiasutused, kindlustusseltsid, investeerimisettevotted. Authority: Finantsinspektsioon (EFSA).
eIDAS
FristEU-Verordnung 910/2014 + EU-Verordnung 2024/1183 (eIDAS 2.0)
Digitale Identität und qualifizierte Vertrauensdienste (digitale Signatur, PEC, Zeitstempel)
Elektronines informacijos saugos istatymas (Electronic Information Security Act)
FristEISI
State information resources. Authority: NKSC.
Esquema Nacional de Seguridad - Real Decreto 311/2022
FristENS
Public sector, public service providers, critical infrastructure. Authority: CCN / Ministerio de Asuntos Economicos.
FCMC Regulations on IT and Security Risk Management
FristFKTK normativie noteikumi 233 (2020)
Kreditiestades, apdrosinasanas sabiedribas, ieguldijumu uznemumi. Authority: FKTK (Finansu un kapitala tirgus komisija) / Latvijas Banka.
FFFS 2014:5 Informationssaekerhet, it-verksamhet
FristFFFS20145
Banks, securities companies, credit market companies. Authority: Finansinspektionen.
Finanssivalvonta Standards and Regulations on IT risk management
FristFINFSASTANDARDS
Banks, insurance companies, pension funds, investment firms. Authority: Finanssivalvonta.
Fizisko personu datu apstrades likums (Personal Data Processing Act - GDPR implementation)
FristFPDAL
All organizations processing personal data. Authority: DVI.
FMA-IT-Sicherheitsverordnung (FMA IT Security Regulation)
FristFMA-IT-SichV 2021
Kreditinstitute, Versicherungsunternehmen, Wertpapierfirmen. Authority: FMA (Finanzmarktaufsicht).
GDPR
EU-Verordnung 2016/679
Schutz personenbezogener Daten in der Europäischen Union
General Security Policy for Health Information Systems
FristArt. L.1110-4-1 Code de la sante publique
Tous les acteurs du secteur sante manipulant des donnees de sante. Authority: ANS / Ministere de la Sante.
Health Service Executive Data Protection and Cybersecurity Framework
FristHealth Act 2004 (as amended), HSE Policy
Healthcare organisations in the public health system. Authority: HSE (Health Service Executive).
Hebergement de Donnees de Sante (HDS Certification)
FristHDS
Organizations hosting health data. Authority: ANS / Ministere de la Sante.
IKT-forskrift for finansforetak (IKT regulation for financial entities)
FristIKT_FORSKRIFT
Banks, insurance, pension, securities firms. Authority: Finanstilsynet.
Informationssicherheitsgesetz (currently in preparation)
FristIBSG
Federal administration IT security. Authority: BKA.
Isikuandmete kaitse seadus (Personal Data Protection Act)
FristIKSSEADUS
All organizations processing personal data. Authority: AKI.
ISO 27001
ISO/IEC 27001:2022 - Internationaler Standard
Informationssicherheits-Managementsystem (ISMS)
IT-Sicherheitsgesetz 2.0
FristITSIG2
KRITIS operators (energy, water, health, transport, finance, IT, telecoms, food, waste). Authority: BSI.
Italian Data Protection Code (as amended by D.Lgs. 101/2018)
FristD.Lgs. 196/2003
Tutti i soggetti che trattano dati personali in Italia. Authority: Garante per la Protezione dei Dati Personali.
IVASS 38 - Regolamento Governance Sistema Informativo (Reg. 38/2018)
FristIVASS38
Nationale Cybersicherheits- und Compliance-Pflichten für Organisationen im Anwendungsbereich dieser Regelung.
Kapitalverwaltungsaufsichtliche Anforderungen an die IT (KAIT)
FristKAIT (BaFin Rundschreiben 11/2019)
Kapitalverwaltungsgesellschaften (KVG). Authority: BaFin.
Kibernetinio saugumo istatymas (Cybersecurity Act - amended for NIS2)
FristKSI
~2,000 cybersecurity entities in essential and important sectors. Authority: NKSC / KAM (Ministry of National Defence).
KNF Recommendation D - Management of IT and ICT Environment
FristKNFREKOM
Banks, credit institutions. Authority: KNF.
KRITIS-Verordnung (BSI-KritisV)
FristKRITISV
Critical infrastructure operators above threshold values. Authority: BSI.
Kuberturvalisuse seadus (Cybersecurity Act - amended for NIS2)
FristKYBSEADUS
Essential and important entities + research institutions. Authority: RIA / CERT-EE.
KYA 1689/2025 - National Cybersecurity Requirements Framework
FristKYA1689
Critical and important entities. Authority: NCSA.
Kyberturvallisuuslaki (Cybersecurity Act - NIS2 transposition)
FristKYBERLAKI
Essential and important entities in 18 sectors. Authority: Traficom / Kyberturvallisuuskeskus + 6 sectoral supervisors.
Lag med kompletterande bestammelser till EU:s dataskyddsfoerordning (2018:218)
FristPDLAG
All organizations processing personal data in Sweden. Authority: IMY.
Laki julkisen hallinnon tiedonhallinnasta (906/2019 - Information Management Act)
FristJULKICTLAKI
Public administration entities. Authority: Digi- ja vaestotietovirasto.
Legea 124/2025 (consolidation of NIS2 transposition)
FristLEGEA124
Essential and important entities. Authority: DNSC.
Legea 190/2018 (GDPR implementation)
FristLEGEA190
All organizations processing personal data. Authority: ANSPDCP.
Legea 362/2018 (original NIS transposition)
FristLEGEA362
Operators of essential services. Authority: CERT-RO.
Legislative Decree 138/2024 - NIS2 Transposition
FristD.Lgs. 138/2024
Soggetti essenziali e importanti nei 18 settori NIS2 (50+ dipendenti o 10M+ fatturato). Authority: ACN - Agenzia per la Cybersicurezza Nazionale.
Lei 58/2019 (GDPR implementation)
FristLEI58
All organizations processing personal data. Authority: CNPD.
Ley 8/2011 de Proteccion de Infraestructuras Criticas
FristLPIC
Critical infrastructure operators (12 strategic sectors). Authority: CNPIC / Ministerio del Interior.
Ley de Coordinacion y Gobernanza de la Ciberseguridad (NIS2 transposition)
FristLCGC
Essential and important entities. Authority: Centro Nacional de Ciberseguridad.
Ley Organica 3/2018 de Proteccion de Datos y Garantia de Derechos Digitales
FristLOPDGDD
All organizations processing personal data in Spain. Authority: AEPD.
Log um netoryggi 78/2019 (Cyber-Security Act)
FristNETORYGGI
Critical infrastructure operators. Authority: Fjarskiptastofa / CERT-IS.
Log um personuvernd 90/2018 (GDPR implementation)
FristPERSONUVERNDARLÖG
All organizations processing personal data. Authority: Personuvernd.
Loi de Programmation Militaire (LPM 2024-2030) - Art. cyber OIV
FristLPM
Operateurs d'Importance Vitale (OIV). Authority: ANSSI / SGDSN.
Loi du 1er aout 2018 portant organisation de la CNPD (GDPR implementation)
FristLPDP_LU
All organizations processing personal data. Authority: CNPD.
Loi du 1er juillet 2011 relative a la securite et la protection des infrastructures critiques
FristLSRI
Critical infrastructure operators. Authority: Centre de crise national.
Loi du 26 avril 2024 etablissant un cadre pour la cybersecurite des reseaux et des systemes d'information
FristLNIS2
Essential and important entities in 18 NIS2 sectors. Authority: CCB.
Loi du 30 juillet 2018 relative a la protection des personnes physiques (GDPR implementation)
FristLPDP
All organizations processing personal data in Belgium. Authority: APD/GBA.
Loi Informatique et Libertes (Loi n.78-17 modifiee)
FristLOIINFORMATIQUE
All organizations processing personal data in France. Authority: CNIL.
Loi pour la Confiance dans l'Economie Numerique (Loi n.2004-575)
FristLCEN
Digital economy operators, e-commerce, ISPs. Authority: Gouvernement.
Loi relative a la resilience des infrastructures critiques et au renforcement de la cybersecurite (NIS2 transposition)
FristLRICRC
Essential and important entities in 18 sectors. Authority: ANSSI.
Lov om digital sikkerhet (Digital Security Act - based on NIS1 with NIS2 elements)
FristDIGSIKHETSLOV
Essential service providers, digital infrastructure. Authority: NSM + sector regulators.
Malta Digital Innovation Authority Act (Cap. 591)
FristMDIA
Technology arrangements and innovative technology services. Authority: MDIA.
MFSA ICT Risk Management Requirements for Financial Sector
FristMFSA Banking Rule BR/22
Credit institutions, insurance undertakings, investment services licensees. Authority: MFSA (Malta Financial Services Authority).
Ministru kabineta noteikumi Nr. 397 - Minimalas kiberdrosibas prasibas
FristMK397
Regulated entities under NKDL. Authority: National Cybersecurity Centre.
MNB Recommendation on IT Security for Financial Institutions
FristMNB Ajnlas 8/2020
Hitelintezetek, biztositok, penzugyi valalatok. Authority: Magyar Nemzeti Bank (MNB).
Nacionalas kiberdrosibas likums (National Cybersecurity Law - NIS2 transposition)
FristNKDL
Essential and important entities. Authority: National Cybersecurity Centre / CERT.LV.
National Cyber Security Bill 2024 (NIS2 transposition)
FristNCSB
Essential and important entities. Authority: NCSC.
NBB Circular on ICT Security Expectations for Financial Institutions
FristCirculaire NBB_2015_32
Etablissements de credit, entreprises d'assurance, institutions de paiement. Authority: Banque Nationale de Belgique (NBB/BNB).
NBS Measure 3/2018 on IT Risk Management
FristOpatrenie NBS c. 3/2018
Banky, poistovne, investicne spolocnosti. Authority: Narodna banka Slovenska (NBS).
Network and Information Systems Security (Amendment) Law of 2025 (NIS2 transposition)
FristNIS2CY
Essential and important entities. Authority: DSA.
Netz- und Informationssystemsicherheitsgesetz 2026 (NISG 2026 - NIS2 transposition)
FristNISG2026
~4,000 essential and important entities. Authority: NIS Buero / BMI.
NIS2
FristEU-Richtlinie 2022/2555 - D.Lgs. 138/2024 (ital. Umsetzung)
Sicherheit von Netz- und Informationssystemen für wesentliche und wichtige Einrichtungen
NIS2-lov / Lov om foranstaltninger til sikring af et hojt faelles cybersikkerhedsniveau
FristNISDK
~6,000 essential and important entities. Authority: CFCS + Styrelsen for Samfundssikkerhed.
Nomos 4624/2019 (GDPR implementation)
FristN4624
All organizations processing personal data. Authority: HDPA.
Nomos 5160/2024 (NIS2 transposition - Law 5160/2024)
FristN5160
Essential and important entities. Authority: NCSA (Ethniki Archi Kybernoasfaleias).
Ordinance on Minimum Network and Information Security Requirements
FristNaredba za MMIS (prieta s PMS 186/2019)
Operators of essential services and digital service providers. Authority: State Agency for Cybersecurity.
Ordonanta de Urgenta 155/2024 (NIS2 transposition)
FristOUG155
Essential and important entities. Authority: DNSC.
Patient Data Act - Security Provisions
FristSFS 2008:355
Vardgivare som behandlar patientdata. Authority: Socialstyrelsen / IMY.
PCI-DSS
PCI-DSS v4.0 (ab 31. März 2024)
Sicherheitsstandard für die Verarbeitung, Speicherung und Übertragung von Zahlungskartendaten
Personopplysningsloven (Personal Data Act - GDPR implementation)
FristPERSONOPPLYSNINGSLOVEN
All organizations processing personal data. Authority: Datatilsynet.
Processing of Personal Data (Protection of the Individual) Law 2018
FristGDPRCY
All organizations processing personal data. Authority: Commissioner for Personal Data Protection.
Projet de loi 8364 - Mesures pour un niveau eleve de cybersecurite (NIS2 transposition)
FristPL8364
~6,000-8,000 essential and important entities. Authority: ILR (most sectors) / CSSF (financial).
PSNC - Perimetro Sicurezza Nazionale Cibernetica (D.L. 105/2019)
FristPSNC
Nationale Cybersicherheits- und Compliance-Pflichten für Organisationen im Anwendungsbereich dieser Regelung.
Real Decreto 1720/2007 (Reglamento LOPD)
FristRDLOPD
All data controllers and processors. Authority: AEPD.
Regime Juridico da Seguranca do Ciberespaco (Lei 46/2018)
FristRJSE
Foundation cybersecurity law. Authority: CNCS.
Regulation on National Interoperability Framework (KRI)
FristRozp. RM z dnia 12 kwietnia 2012 r.
Podmioty realizujace zadania publiczne. Authority: Ministerstwo Cyfryzacji.
S.L. 460.41 - Measures for a High Common Level of Cybersecurity (LN 71/2025 - NIS2 transposition)
FristSL46041
Essential and important entities. Authority: CIPD.
Sakerhetsskyddslag (2018:585) - Security Protection Act
FristSAKERHETSSKYDDSLAGEN
Entities handling classified information, security-sensitive activities. Authority: Saekerhetspolisen (SAPO).
SecNumCloud - Referentiel de qualification ANSSI
FristSECNUMCLOUD
Cloud service providers handling sensitive/government data. Authority: ANSSI.
Sikkerhetsloven (Security Act)
FristSIKKHETSLOV
Entities handling classified info, critical infrastructure. Authority: NSM.
Telecommunications Act - Security Provisions
FristLov nr. 169 af 3/3/2011 (som aendret)
Udbydere af elektroniske kommunikationsnet og -tjenester. Authority: Erhvervsstyrelsen.
Telekommunikation-Modernisierungsgesetz - IT-Sicherheitspflichten (TKMoG/TKG 2021)
FristTKG 2021 §§165-169
Telekommunikationsanbieter und Betreiber oeffentlicher Telekommunikationsnetze. Authority: BNetzA / BSI.
Telekommunikationsgesetz 2021 - Sicherheitsbestimmungen (§§90-93)
FristTKG 2021 §§90-93
Anbieter oeffentlicher Kommunikationsnetze und -dienste. Authority: RTR-GmbH.
Tietosuojalaki 1050/2018 (Data Protection Act)
FristTSL
All organizations processing personal data in Finland. Authority: Tietosuojavaltuutettu.
Uitvoeringswet AVG (GDPR Implementation Act)
FristUAVG
All organizations processing personal data in Netherlands. Authority: Autoriteit Persoonsgegevens.
Uredba o kibernetickoj sigurnosti (NN 135/2024 - Implementing regulation)
FristUOKBS
Detailed measures, audit requirements. Authority: SOA.
Ustawa o Krajowym Systemie Cyberbezpieczenstwa (nowelizacja - NIS2 transposition)
FristUKSC
Essential and important entities. Authority: Ministerstwo Cyfryzacji / CSIRT NASK / CSIRT GOV / CSIRT MON.
Ustawa o ochronie danych osobowych (GDPR implementation)
FristUODO_ACT
All organizations processing personal data. Authority: UODO.
Versicherungsaufsichtliche Anforderungen an die IT
FristVAIT
Insurance companies. Authority: BaFin.
Vyhlaska NBU o kybernetickej bezpecnosti (NBU Cybersecurity Decree)
FristVYHKB_SK
Regulated entities. Authority: NBU.
Vyhlaska o kyberneticke bezpecnosti (NUKIB Decree on cybersecurity measures)
FristVYHLKB
Regulated entities under ZOKB. Authority: NUKIB.
Wet beveiliging netwerk- en informatiesystemen (current, until CBW)
FristWBNI
Vital service providers and digital service providers. Authority: NCSC-NL.
Wet op de geneeskundige behandelingsovereenkomst + NEN 7510
FristWGS
Healthcare organizations, health data processors. Authority: Dutch Healthcare Authority.
Zakon c. 18/2018 Z.z. o ochrane osobnych udajov (GDPR implementation)
FristZOOU_SK
All organizations processing personal data. Authority: UOOU SK.
Zakon c. 69/2018 Z.z. o kybernetickej bezpecnosti (amended for NIS2)
FristZOKB_SK
~3,403 essential and important entities. Authority: NBU.
Zakon o informacijski varnosti (ZInfV-1 - NIS2 transposition)
FristZINFV1
Essential and important entities. Authority: URSIV / SI-CERT.
Zakon o kibernetickoj sigurnosti (NN 14/2024 - NIS2 transposition)
FristZOKBS
8,000-10,000 essential and important entities. Authority: SOA / CERT.hr / CIPD.
Zakon o kyberneticke bezpecnosti c. 264/2025 Sb. (NIS2 transposition)
FristZOKB
Essential and important entities in 15 sectors (50+ employees or 10M+ EUR turnover). Authority: NUKIB.
Zakon o ochrane osobnich udaju (GDPR implementation)
FristZOOU
All organizations processing personal data. Authority: UOOU.
Zakon o provedbi Opce uredbe o zastiti podataka (GDPR implementation)
FristZOZOP
All organizations processing personal data. Authority: AZOP.
Zakon o varstvu osebnih podatkov (ZVOP-2 - GDPR implementation)
FristZVOP2
All organizations processing personal data. Authority: IP.
Zakon za kibersigurnostta (Cybersecurity Act - amended for NIS2)
FristZOKBS_BG
18 sectors, essential and important entities. Authority: State Agency for Cybersecurity.
Zakon za zashtita na lichnite danni (Personal Data Protection Act)
FristZZLD
All organizations processing personal data. Authority: KZLD.
Überprüfen Sie die Compliance Ihres Unternehmens
Erfahren Sie in wenigen Minuten, welche Vorschriften für Ihr KMU gelten, Ihren aktuellen Compliance-Stand und die prioritären Maßnahmen.
Kostenloses Assessment starten