Cyber, critical infrastructure &amp; AI standards — all in one place.

View detailscritical infrastructure · cybersecurity

SOCIA 2018 — Security of Critical Infrastructure Act 2018

The Security of Critical Infrastructure Act 2018 (SOCIA) establishes a regulatory framework for managing national security risks to Australia’s critical infrastructure sectors. It introduces statutory obligations, reporting requirements, and oversight mechanisms for critical assets.

Issuer: Australian Department of Home Affairs
Jurisdiction: Australia
Version: No. 29, 2018

View detailspersonal information · government

Privacy Act

The Privacy Act of Canada governs the collection, use, retention, and disclosure of personal information by federal government institutions. It ensures that individuals have the right to access and correct their personal information held by the government.

Issuer: Government of Canada
Jurisdiction: Canada
Updated: Jun 2025

GRCLawIn 6clicks App

National Greenhouse and Energy Reporting Act 2007

The National Greenhouse and Energy Reporting Act 2007 establishes a national framework for corporations to report their greenhouse gas emissions, energy production, and energy consumption. It aims to improve data transparency and inform government policy on climate change.

Issuer: Australian Government
Jurisdiction: Australia
Updated: Sep 2021

View detailsgreenhouse gas · energy reporting

View detailsemployment · workplace

Fair Work Regulations 2009

The Fair Work Regulations 2009 provide detailed legislative backing to the Fair Work Act 2009, outlining the operational rules and requirements for employment relationships, industrial agreements, and workplace standards in Australia. It includes rules on employer obligations, employee protections, and compliance mechanisms.

Issuer: Department of Employment and Workplace Relations (DEWR)
Jurisdiction: Australia
Updated: May 2018

View detailscarbon pricing · climate change

Clean Energy Act 2011

The Clean Energy Act 2011 establishes the framework for implementing a carbon pricing mechanism in Australia. It includes provisions for covered entities, emission obligations, and limits on emissions units.

Issuer: Parliament of Australia
Jurisdiction: Australia

View detailszero trust · cybersecurity

CISA ZTMM V2 — CISA Zero Trust Maturity Model V2

The CISA Zero Trust Maturity Model V2 provides a structured roadmap for organizations implementing a zero trust architecture. It outlines five key pillars and associated maturity levels to guide strategies and execution.

Issuer: US Department of Homeland Security (DHS)
Jurisdiction: United States
Version: 2
Updated: Apr 2023

View detailsict risk · security management

Guidelines on ICT and Security Risk Management

The EBA Guidelines establish requirements for credit institutions, investment firms, and payment service providers on mitigating and managing information and communication technology (ICT) risks. They aim to ensure a consistent and robust approach to ICT and security risk management across the EU financial sector.

Issuer: European Banking Authority (EBA)
Jurisdiction: European Union
Version: 2025 update
Updated: Jul 2025

View detailscybersecurity · maturity model

C2M2 — Cybersecurity Capability Maturity Model

The Cybersecurity Capability Maturity Model (C2M2) is a tool developed by the U.S. Department of Energy to help organizations evaluate and enhance their cybersecurity capabilities. It focuses on both IT and OT environments, offering a structured framework of over 350 practices organized into 10 domains.

Issuer: U.S. Department of Energy
Jurisdiction: United States
Version: 2.1
Updated: Jun 2022

View detailscybersecurity · controls

ECC 2-2024 — Essential Cybersecurity Controls

The Essential Cybersecurity Controls (ECC 2-2024) aim to enhance cybersecurity at the national level in Saudi Arabia. They provide policies and controls to protect the information and technological assets of national entities.

Issuer: National Cybersecurity Authority
Jurisdiction: Kingdom of Saudi Arabia
Version: 2-2024
Updated: Apr 2026

View detailscybersecurity · controls

DCC-1:2022 — Data Cybersecurity Controls

The Data Cybersecurity Controls (DCC-1:2022) establish minimum cybersecurity requirements to protect data throughout its lifecycle. Issued by the Saudi National Cybersecurity Authority, the controls build on existing cybersecurity frameworks to enhance the Kingdom's overall cybersecurity maturity.

Issuer: National Cybersecurity Authority (NCA)
Jurisdiction: Kingdom of Saudi Arabia
Version: 1:2022
Updated: May 2025

View detailscybersecurity · controls

CIS Controls v8.1 — CIS Critical Security Controls Version 8.1

The CIS Critical Security Controls Version 8.1 is a prioritized set of cybersecurity best practices designed to defend against common cyber threats to systems and networks. It includes updates to align with evolving industry standards and frameworks, such as NIST CSF 2.0.

Issuer: Center for Internet Security (CIS)
Version: 8.1

AIStandardIn 6clicks App

ISO/IEC 42001 — ISO/IEC 42001:2023 - Artificial Intelligence Management System

ISO/IEC 42001:2023 is the first international standard for Artificial Intelligence Management Systems (AIMS). It provides requirements for establishing, implementing, maintaining, and improving AIMS, focusing on the responsible use, governance, and risk management of AI across organizations.

Issuer: ISO/IEC
Version: 2023
Updated: Dec 2023

View detailsartificial intelligence · risk management

View detailscloud security · compliance

CCM v4.0 — Cloud Controls Matrix v4.0

The Cloud Controls Matrix (CCM) v4 is a meta-framework of cloud-specific security controls designed to provide clarity and structure for information security in cloud computing environments. It includes mappings to leading standards, best practices, and regulations.

Issuer: Cloud Security Alliance (CSA)
Version: 4.0

View detailsinformation security · iso 27001

IS18 — Information and Cyber Security Policy (IS18)

The Information and Cyber Security Policy (IS18) is a policy framework established by the Queensland Government to enhance information security and organizational resilience. It mandates the implementation of ISO 27001-based ISMS, systematic risk management, and compliance with the Australian Signals Directorate's Essential Eight Strategies for all Queensland Government agencies.

Issuer: Queensland Government
Jurisdiction: Queensland, Australia
Version: 9.0.0
Updated: Jan 2026

View detailsiot · security

CSA IoT Controls — CSA IoT Security Controls Framework

The CSA IoT Security Controls Framework provides essential security controls to mitigate risks in IoT systems that include various connected devices, cloud services, and networks. It is designed to apply to a range of IoT systems, from handling low-value data to supporting critical services.

Issuer: Cloud Security Alliance (CSA)
Version: 2

CybersecurityStandardControl setIn 6clicks App

PCI DSS — PCI Data Security Standard (PCI DSS)

The PCI Data Security Standard (PCI DSS) is a global security standard designed to protect payment card account data. It establishes technical and operational security requirements for organizations that handle cardholder data.

Issuer: PCI Security Standards Council
Version: 4.x

View detailspayment security · data protection

GRCStandardControl setIn 6clicks App

ISO 9001 — ISO 9001:2015 Quality Management Systems — Requirements

ISO 9001:2015 is an international standard for quality management systems. It provides requirements for organizations to establish, implement, maintain, and continually improve a quality management system to enhance customer satisfaction and operational efficiency.

Issuer: International Organization for Standardization (ISO)
Version: 2015 (Edition 5)
Updated: May 2021

View detailsquality management · process improvement

GRCStandardControl setIn 6clicks App

ISO 45001 — ISO 45001:2018 - Occupational Health and Safety Management Systems — Requirements with Guidance for Use

ISO 45001:2018 is an international standard that specifies requirements for an occupational health and safety (OH&S) management system. It helps organizations improve workplace safety, reduce risks, and enhance overall OH&S performance.

Issuer: International Organization for Standardization (ISO)
Version: 2018
Updated: May 2024

View detailsoccupational health · safety management

Critical InfrastructureRegulationIn 6clicks App

EU Regulation 2022/1645 — Commission Delegated Regulation (EU) 2022/1645

EU Regulation 2022/1645 establishes mandatory cybersecurity management requirements for Part 21 Design Organisations (DOs) and Production Organisations (POs) in the aviation sector. It introduces the implementation of an Information Security Management System (ISMS) to protect critical systems, data, and processes from cyber threats.

Issuer: European Commission
Jurisdiction: European Union
Updated: Jan 2022

View detailscybersecurity · aviation

View detailsdata protection · privacy

UAE Personal Data Protection Law — Federal Decree Law No. 45 of 2021 Regarding the Protection of Personal Data

The UAE Personal Data Protection Law establishes an integrated framework to ensure the confidentiality of information and protect individual privacy in the UAE. It governs the processing of personal data, defines the rights of data owners, sets requirements for cross-border data transfer, and outlines obligations for businesses handling personal data.

Issuer: UAE Data Office
Jurisdiction: United Arab Emirates
Version: 20 Sep 2021

EU 2016/1675 — Commission Delegated Regulation (EU) 2016.1675 on High Risk Third Countries

This regulation identifies high-risk third countries with strategic deficiencies in the area of anti-money laundering (AML) and countering the financing of terrorism (CFT). It supplements Directive (EU) 2015/849, providing a legal framework for such identifications.

Issuer: European Commission
Jurisdiction: European Union
Version: 14 July 2016
Updated: Jun 2023

View detailsaml · cft

View detailsapplication security · web security

OWASP ASVS — OWASP Application Security Verification Standard

The OWASP Application Security Verification Standard (ASVS) is an open standard for testing and verifying the security of web applications. It provides developers with a comprehensive list of requirements for secure development and helps establish confidence in application security.

Issuer: OWASP Foundation
Version: 4.0.2
Updated: May 2025

GRCFrameworkControl setIn 6clicks App

COBIT 2019 — COBIT 2019 Framework

The COBIT 2019 Framework, developed by ISACA, is a globally recognized standard for optimizing enterprise IT governance and management. It provides flexible, detailed guidance for organizations aiming to achieve effective governance over information and technology.

Issuer: ISACA
Version: 2019

View detailsit governance · framework

View detailsinformation security · cybersecurity

CMMC — Cybersecurity Maturity Model Certification

The Cybersecurity Maturity Model Certification (CMMC) Assessment Guide defines how organizations are evaluated for compliance with cybersecurity requirements when working with the U.S. Department of Defense. It outlines assessment methods, evidence expectations, and control validation aligned with standards like NIST SP 800-171. The guide ensures consistent and rigorous verification of an organization’s ability to protect sensitive information.

Issuer: US Government
Jurisdiction: United States
Version: 2.13

View detailssuperannuation · conflicts of interest

SPS 521 — Prudential Standard SPS 521 - Conflicts of Interest

Prudential Standard SPS 521 is a legislative instrument under the Superannuation Industry (Supervision) Act 1993. It sets requirements for superannuation entities in Australia to appropriately manage conflicts of interest to ensure compliance and trust in their operations.

Issuer: Australian Prudential Regulation Authority (APRA)
Jurisdiction: Australia

CybersecurityFrameworkControl setIn 6clicks App

SOC2 — SOC2 Trusted Services Criteria

SOC 2 is a framework for managing and reporting on controls at service organizations relevant to security, availability, processing integrity, confidentiality, and privacy. It aims to provide detailed information and assurance to stakeholders about how these controls are implemented to protect user data.

Issuer: American Institute of Certified Public Accountants (AICPA)
Jurisdiction: United States
Updated: Sep 2022

View detailssoc 2 · security

View detailsaudit · superannuation

SPS 310 — Prudential Standard SPS 310 Audit and Related Matters

Prudential Standard SPS 310 establishes requirements for conducting audits and related matters for the superannuation industry in Australia. It ensures compliance with financial reporting and auditing practices in accordance with regulatory standards.

Issuer: Australian Prudential Regulation Authority (APRA)
Jurisdiction: Australia
Updated: Jun 2024

GRCLawIn 6clicks App

Corporations Act 2001 — Corporations Act 2001

The Corporations Act 2001 is Australia’s primary legislation regulating companies and other business entities. It outlines fiduciary duties for directors, including acting in good faith, exercising care and diligence, avoiding improper use of information or position, and disclosing certain interests.

Issuer: Australian Government
Jurisdiction: Australia
Version: 28 September 2017
Updated: Nov 2024

View detailscorporate governance · fiduciary duties

View detailsrenewable energy · electricity

Renewable Energy (Electricity) Act 2000

The Renewable Energy (Electricity) Act 2000 establishes a legal framework to encourage the generation of electricity from renewable energy sources in Australia. It creates a system for renewable energy certificates and mandates a Renewable Power Percentage to ensure participation by electricity retailers.

Issuer: Australian Government
Jurisdiction: Australia
Updated: Mar 2016

GRCLawIn 6clicks App

Workplace Relations Act 1996

The Workplace Relations Act 1996 was an Australian federal law governing employment relations, setting frameworks for workplace agreements, wage-setting, and employee entitlements. It covered topics such as the Australian Fair Pay Commission, industrial relations, and minimum workplace standards.

Issuer: Australian Government
Jurisdiction: Australia
Updated: Dec 2006

View detailsworkplace relations · labor law

View detailscybersecurity · assessment

FSSCP — The Financial Services Sector Cybersecurity Profile

The Financial Services Sector Cybersecurity Profile is a scalable and extensible assessment tool designed to help financial institutions manage cyber risks and demonstrate regulatory compliance. It is based on the NIST Cybersecurity Framework and offers a tailored approach to streamline cybersecurity assessments globally.

Issuer: Financial Services Sector Coordinating Council (FSSCC)
Jurisdiction: Global

View detailsozone · greenhouse gases

Ozone Protection and Synthetic Greenhouse Gas Management Act 1989

The Ozone Protection and Synthetic Greenhouse Gas Management Act 1989 is Australian legislation designed to manage the use, import, and export of ozone-depleting substances (ODS) and synthetic greenhouse gases (SGGs). It aligns with Australia's obligations under the Montreal Protocol, emphasizing environmental protection through licensing, quotas, and controls on substances and equipment.

Issuer: Australian Government
Jurisdiction: Australia
Version: 7, 1989
Updated: Jan 2020

View detailscybersecurity · data protection

SMB1001 — SMB1001 Cybersecurity Standard

The SMB1001 Cybersecurity Standard provides small and medium-sized businesses, including law firms, with a clear and achievable framework to enhance their cybersecurity defenses and demonstrate due diligence. It aims to help practitioners protect client confidentiality, reduce cyber risks, and meet stakeholder requirements.

Issuer: Dynamic Standards International (DSI)
Jurisdiction: Australia
Version: 2026
Updated: Sep 2025

View detailscybersecurity · capabilities

QCF — Qatar Cybersecurity Framework

The Qatar Cybersecurity Framework (QCF) provides structured guidelines to help organizations manage and strengthen their cybersecurity practices across governance, risk, protection, detection, response, and recovery. It promotes a proactive, coordinated approach to mitigating cyber threats while enhancing national and organizational resilience.

Issuer: Qatar National Cyber Security Committee (NCSC)
Jurisdiction: Qatar

View detailsprudential · fit and proper

CPS 520 — Prudential Standard CPS 520 Fit and Proper

The Prudential Standard CPS 520 sets out the requirements for assessing the fitness and propriety of responsible persons in APRA-regulated institutions, including banks, insurers, and private health insurers. It ensures that key positions are held by individuals who meet high standards of integrity and competence.

Issuer: Australian Prudential Regulation Authority (APRA)
Jurisdiction: Australia
Updated: Jul 2019

View detailsdata protection · consent management

Qatar PDPPL — Qatar Personal Data Privacy Protection Law (Law No. (13) of 2016)

The Qatar Personal Data Privacy Protection Law (PDPPL), formally Law No. 13 of 2016, is the primary data protection framework in Qatar. It governs how organizations collect, process, store, transfer, and secure personal data belonging to individuals in the country.

Issuer: Qatar National Cyber Security Agency (NCSA)
Jurisdiction: Qatar

CybersecurityRegulationIn 6clicks App

NSW Cyber Security Policy

The NSW Cyber Security Policy outlines mandatory requirements that all NSW Government agencies must follow to ensure the effective management of cyber security risks to government information and systems. It mandates annual reporting by agencies and includes policy directives related to incident management, risk assessment, and compliance.

Issuer: Cyber Security NSW
Jurisdiction: New South Wales, Australia

View detailscybersecurity · nsw

View detailscybersecurity · energy

AESCSF v2 Core — Australian Energy Sector Cyber Security Framework

The Australian Energy Sector Cyber Security Framework (AESCSF) provides a structured approach for managing cybersecurity risks specific to the energy sector. Version 2 introduces updates and refinements to address evolving threats and ensure resilience.

Issuer: Australian Energy Market Operator (AEMO)
Jurisdiction: Australia
Version: 2.0
Updated: Jan 2023

View detailsprivacy · data protection

Privacy and Data Protection Act 2014 — Privacy and Data Protection Act 2014 Version No. 032

The Privacy and Data Protection Act 2014 establishes a framework for protecting personal information and ensuring data security within the State of Victoria, Australia. It sets out responsibilities for Victorian public sector agencies regarding personal data handling and protections.

Issuer: Victorian Government
Jurisdiction: Victoria, Australia
Version: Version No. 032
Updated: May 2026

View detailscybersecurity · certification

Cyber Essentials Mark — CSA Cybersecurity Certification: Cyber Essentials Mark

The Cyber Essentials (2025) certification is a cybersecurity certification scheme developed by the Cyber Security Agency (CSA) of Singapore. It provides a framework for organisations to enhance their cybersecurity posture, covering areas like classical cybersecurity, cloud security, OT security, and AI security.

Issuer: Cyber Security Agency of Singapore (CSA)
Jurisdiction: Singapore
Version: 04-2025 (Second edition)
Updated: Apr 2026

View detailscybersecurity · guidelines

BSI IT-Grundschutz-Compendium Edition 2022

The BSI IT-Grundschutz-Compendium Edition 2022 is a comprehensive cybersecurity guideline published by the German Federal Office for Information Security (BSI). It provides a structured methodology for implementing information security in organizations based on standardized modules and best practices.

Issuer: Federal Office for Information Security (BSI)
Jurisdiction: Germany
Version: 2022
Updated: Jan 2023

PrivacyRegulationIn 6clicks App

Consumer Data Right — Competition and Consumer (Consumer Data Right) Rules 2021

The Competition and Consumer (Consumer Data Right) Rules 2021 outline regulations for implementing Australia's Consumer Data Right (CDR) framework. They establish rules for data sharing, privacy safeguards, accreditation of data recipients, and dispute resolution processes.

Issuer: Department of the Treasury
Jurisdiction: Australia

View detailsconsumer data right · data sharing

Critical InfrastructureRegulationIn 6clicks App

Commission Implementing Regulation (EU) 2023/203

This regulation outlines requirements for the management of information security risks that could impact aviation safety. It applies to organisations and competent authorities operating in the aviation sector to ensure secure operations.

Issuer: European Union Aviation Safety Agency (EASA)
Jurisdiction: European Union
Version: 2023/203

View detailsaviation · information security

PrivacyRegulationIn 6clicks App

CDR Designation 2019 — Consumer Data Right (Authorised Deposit Taking Institutions) Designation 2019

This legislative instrument designates the banking sector in Australia as subject to the Consumer Data Right (CDR). It specifies which classes of information are included or excluded under the CDR framework.

Issuer: Australian Government
Jurisdiction: Australia
Version: 14 July 2023
Updated: Jul 2023

View detailsconsumer data · banking sector

View detailscorporate-governance · legislation

Corporations Regulations 2001 — Corporations Regulations 2001

The Corporations Regulations 2001 is a set of legislative rules in Australia that provide detailed regulations supporting the Corporations Act 2001. It governs key aspects of corporate governance, financial reporting, and administration within Australian companies.

Issuer: Australian Government
Jurisdiction: Australia
Version: 01 January 2022
Updated: Jan 2022

PrivacyRegulationIn 6clicks App

CDR Energy Sector Designation 2020 — Consumer Data Right (Energy Sector) Designation 2020

This legislative instrument designates the Australian energy sector under the Consumer Data Right (CDR) framework. It specifies the types of data, entities, and arrangements covered by CDR for energy consumers.

Issuer: Australian Government
Jurisdiction: Australia
Version: 26 June 2020
Updated: Jun 2020

View detailsconsumer data · energy

View detailscybersecurity · confidentiality

ITSP.10.171 — Protecting Specified Information in Non-Government of Canada Systems and Organizations

ITSP.10.171 sets out security requirements for protecting 'specified information' when it resides in non-Government of Canada systems or organizations. It aligns with NIST standards but adapts them to the Canadian regulatory environment.

Issuer: Canadian Centre for Cyber Security
Jurisdiction: Canada
Version: First release
Updated: Oct 2025

View detailsprivacy · personal-information

PIPEDA — Personal Information Protection and Electronic Documents Act

The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian federal law that sets rules for the collection, use, and disclosure of personal information in the course of commercial activities. It aims to balance individuals' privacy rights with industry needs for personal data use.

Issuer: Government of Canada
Jurisdiction: Canada
Updated: Mar 2025

View detailscybersecurity · small businesses

Baseline Cyber Security Controls for Small and Medium Organizations

The Baseline Cyber Security Controls for Small and Medium Organizations provides guidance from the Canadian Centre for Cyber Security to improve the resilience of smaller organizations through focused cybersecurity measures. It applies the 80/20 rule, aiming to achieve significant cybersecurity benefits with minimal effort.

Issuer: Canadian Centre for Cyber Security
Jurisdiction: Canada
Version: 1.2

AIRegulationIn 6clicks App

EU AI Act — EU Artificial Intelligence Act

The EU AI Act (Regulation (EU) 2024/1689) is the world’s first comprehensive law regulating artificial intelligence. It establishes a risk-based framework that classifies AI systems into four categories—unacceptable, high-risk, limited-risk, and minimal-risk—with stricter obligations applied to higher-risk systems.

Issuer: European Union
Jurisdiction: European Union
Version: January 2024
Updated: Apr 2021

View detailsartificial intelligence · trustworthy ai

View detailscybersecurity · compliance

SCF — Secure Controls Framework

The Secure Controls Framework (SCF) is a comprehensive, free cybersecurity and data privacy metaframework designed to simplify compliance and build secure, resilient organizations. It unifies control sets to simultaneously meet compliance requirements across multiple laws, regulations, and frameworks.

Issuer: Secure Controls Framework (SCF) Council
Version: 2023.2

View detailscybersecurity · IT infrastructure

Cyber Essentials v3.2 — Cyber Essentials Requirements for IT Infrastructure

Cyber Essentials is a UK government-backed scheme focused on protecting IT infrastructure from common cyber threats. Version 3.2 outlines updated security controls and practices.

Issuer: UK National Cyber Security Centre (NCSC)
Jurisdiction: United Kingdom
Version: 3.2

View detailsdata sharing · iot

EU Data Act — Regulation on harmonised rules on fair access to and use of data (Data Act)

The Data Act is an EU regulation that aims to establish fair rules for access to and use of data generated by connected devices. It promotes data sharing, safeguards user rights, and prevents unfair practices while supporting innovation and the data economy.

Issuer: European Commission
Jurisdiction: European Union
Version: (EU) 2023/2854
Updated: Dec 2025

View detailsfinancial services · corporations act

RG 175 — RG 175 AFS licensing: Financial product advisers—Conduct and disclosure

This regulatory guide outlines the conduct and disclosure obligations of financial product advisers who provide advice to retail clients in Australia. It focuses on requirements under Part 7.7 and Division 2 of Part 7.7A of the Corporations Act.

Issuer: Australian Securities and Investments Commission (ASIC)
Jurisdiction: Australia
Updated: Nov 2024

View detailscybersecurity · healthcare

ADHICS — Abu Dhabi Healthcare Information and Cyber Security Standard

The AAMEN programme ensures that all healthcare facilities in Abu Dhabi comply with information security and data privacy standards to safeguard patient data. It incorporates the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS) and aims to enhance cybersecurity governance, resilience, and innovation in the healthcare sector.

Issuer: Department of Health Abu Dhabi
Jurisdiction: Abu Dhabi, United Arab Emirates
Version: 2
Updated: May 2026

View detailsoutsourcing · risk management

CPS 231 — Prudential Standard CPS 231 Outsourcing

The Prudential Standard CPS 231 establishes requirements for outsourcing arrangements by financial institutions regulated by the Australian Prudential Regulation Authority (APRA). It aims to ensure that risks associated with outsourcing are effectively managed.

Issuer: Australian Prudential Regulation Authority (APRA)
Jurisdiction: Australia
Updated: Jul 2017

View detailsafs licence · licensing process

RG 1 — RG 1 Applying for and varying an AFS licence

This regulatory guide provides details on the process for applying for and varying an Australian Financial Services (AFS) licence. It outlines ASIC’s approach to assessing applications and the required documentation for submission.

Issuer: Australian Securities and Investments Commission (ASIC)
Jurisdiction: Australia

View detailscybersecurity · information assurance

UAE IA V2 — UAE Information Assurance Standard Version 2

The UAE Information Assurance Standard Version 2 (UAE IA V2) is a national cybersecurity framework issued by the UAE Cyber Security Council in 2025. It builds upon the previous version with updated controls and integrations to address modern technologies, such as AI/ML, IoT, cloud, and post-quantum cryptography.

Issuer: UAE Cyber Security Council
Jurisdiction: United Arab Emirates
Version: 2.0
Updated: Oct 2025

View detailsinternal dispute resolution · complaint management

RG 271 — RG 271 Internal Dispute Resolution

This regulatory guide outlines enforceable standards and requirements for internal dispute resolution (IDR) systems for financial firms in Australia. It specifies the obligations these firms must meet to comply with ASIC's IDR standards.

Issuer: Australian Securities and Investments Commission (ASIC)
Jurisdiction: Australia
Updated: Sep 2021