Cyber, critical infrastructure & AI standards — all in one place.
The latest standards, laws and regulations, with curated metadata, mapped controls and expert guidance from 6clicks. Built for GRC, compliance and security teams.
Browse by industry
Browse by sector. Each page shows relevant standards, laws, regulations, and frameworks.
Explore all industriesContent Library
Showing 20 of 91
Qatar PDPPL — Qatar Personal Data Privacy Protection Law (Law No. (13) of 2016)
The Qatar Personal Data Privacy Protection Law (PDPPL), formally Law No. 13 of 2016, is the primary data protection framework in Qatar. It governs how organizations collect, process, store, transfer, and secure personal data belonging to individuals in the country.
Qatar National Cyber Security Agency (NCSA) • Qatar
NSW Cyber Security Policy
The NSW Cyber Security Policy outlines mandatory requirements that all NSW Government agencies must follow to ensure the effective management of cyber security risks to government information and systems. It mandates annual reporting by agencies and includes policy directives related to incident management, risk assessment, and compliance.
Cyber Security NSW • New South Wales, Australia
AESCSF v2 Core — Australian Energy Sector Cyber Security Framework
The Australian Energy Sector Cyber Security Framework (AESCSF) provides a structured approach for managing cybersecurity risks specific to the energy sector. Version 2 introduces updates and refinements to address evolving threats and ensure resilience.
Australian Energy Market Operator (AEMO) • Australia • v2.0
Privacy and Data Protection Act 2014 — Privacy and Data Protection Act 2014 Version No. 032
The Privacy and Data Protection Act 2014 establishes a framework for protecting personal information and ensuring data security within the State of Victoria, Australia. It sets out responsibilities for Victorian public sector agencies regarding personal data handling and protections.
Victorian Government • Victoria, Australia • version No. 032
Cyber Essentials Mark — CSA Cybersecurity Certification: Cyber Essentials Mark
The Cyber Essentials (2025) certification is a cybersecurity certification scheme developed by the Cyber Security Agency (CSA) of Singapore. It provides a framework for organisations to enhance their cybersecurity posture, covering areas like classical cybersecurity, cloud security, OT security, and AI security.
Cyber Security Agency of Singapore (CSA) • Singapore • v 04-2025 (Second edition)
BSI IT-Grundschutz-Compendium Edition 2022
The BSI IT-Grundschutz-Compendium Edition 2022 is a comprehensive cybersecurity guideline published by the German Federal Office for Information Security (BSI). It provides a structured methodology for implementing information security in organizations based on standardized modules and best practices.
Federal Office for Information Security (BSI) • Germany • v2022
Consumer Data Right — Competition and Consumer (Consumer Data Right) Rules 2021
The Competition and Consumer (Consumer Data Right) Rules 2021 outline regulations for implementing Australia's Consumer Data Right (CDR) framework. They establish rules for data sharing, privacy safeguards, accreditation of data recipients, and dispute resolution processes.
Department of the Treasury • Australia
Commission Implementing Regulation (EU) 2023/203
This regulation outlines requirements for the management of information security risks that could impact aviation safety. It applies to organisations and competent authorities operating in the aviation sector to ensure secure operations.
European Union Aviation Safety Agency (EASA) • European Union • v2023/203
CDR Designation 2019 — Consumer Data Right (Authorised Deposit Taking Institutions) Designation 2019
This legislative instrument designates the banking sector in Australia as subject to the Consumer Data Right (CDR). It specifies which classes of information are included or excluded under the CDR framework.
Australian Government • Australia • v14 July 2023
Corporations Regulations 2001 — Corporations Regulations 2001
The Corporations Regulations 2001 is a set of legislative rules in Australia that provide detailed regulations supporting the Corporations Act 2001. It governs key aspects of corporate governance, financial reporting, and administration within Australian companies.
Australian Government • Australia • v01 January 2022
CDR Energy Sector Designation 2020 — Consumer Data Right (Energy Sector) Designation 2020
This legislative instrument designates the Australian energy sector under the Consumer Data Right (CDR) framework. It specifies the types of data, entities, and arrangements covered by CDR for energy consumers.
Australian Government • Australia • v26 June 2020
ITSP.10.171 — Protecting Specified Information in Non-Government of Canada Systems and Organizations
ITSP.10.171 sets out security requirements for protecting 'specified information' when it resides in non-Government of Canada systems or organizations. It aligns with NIST standards but adapts them to the Canadian regulatory environment.
Canadian Centre for Cyber Security • Canada • vFirst release
PIPEDA — Personal Information Protection and Electronic Documents Act
The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian federal law that sets rules for the collection, use, and disclosure of personal information in the course of commercial activities. It aims to balance individuals' privacy rights with industry needs for personal data use.
Government of Canada • Canada
Baseline Cyber Security Controls for Small and Medium Organizations
The Baseline Cyber Security Controls for Small and Medium Organizations provides guidance from the Canadian Centre for Cyber Security to improve the resilience of smaller organizations through focused cybersecurity measures. It applies the 80/20 rule, aiming to achieve significant cybersecurity benefits with minimal effort.
Canadian Centre for Cyber Security • Canada • v1.2
EU AI Act — EU Artificial Intelligence Act
The EU AI Act (Regulation (EU) 2024/1689) is the world’s first comprehensive law regulating artificial intelligence. It establishes a risk-based framework that classifies AI systems into four categories—unacceptable, high-risk, limited-risk, and minimal-risk—with stricter obligations applied to higher-risk systems.
European Union • European Union • vJanuary 2024
SCF — Secure Controls Framework
The Secure Controls Framework (SCF) is a comprehensive, free cybersecurity and data privacy metaframework designed to simplify compliance and build secure, resilient organizations. It unifies control sets to simultaneously meet compliance requirements across multiple laws, regulations, and frameworks.
Secure Controls Framework (SCF) Council • v2023.2
Cyber Essentials v3.2 — Cyber Essentials Requirements for IT Infrastructure
Cyber Essentials is a UK government-backed scheme focused on protecting IT infrastructure from common cyber threats. Version 3.2 outlines updated security controls and practices.
UK National Cyber Security Centre (NCSC) • United Kingdom • v3.2
EU Data Act — Regulation on harmonised rules on fair access to and use of data (Data Act)
The Data Act is an EU regulation that aims to establish fair rules for access to and use of data generated by connected devices. It promotes data sharing, safeguards user rights, and prevents unfair practices while supporting innovation and the data economy.
European Commission • European Union • v(EU) 2023/2854
RG 175 — RG 175 AFS licensing: Financial product advisers—Conduct and disclosure
This regulatory guide outlines the conduct and disclosure obligations of financial product advisers who provide advice to retail clients in Australia. It focuses on requirements under Part 7.7 and Division 2 of Part 7.7A of the Corporations Act.
Australian Securities and Investments Commission (ASIC) • Australia
ADHICS — Abu Dhabi Healthcare Information and Cyber Security Standard
The AAMEN programme ensures that all healthcare facilities in Abu Dhabi comply with information security and data privacy standards to safeguard patient data. It incorporates the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS) and aims to enhance cybersecurity governance, resilience, and innovation in the healthcare sector.
Department of Health Abu Dhabi • Abu Dhabi, United Arab Emirates • v2
Ready to operationalize these standards?
6clicks maps regulations to controls, evidence and risks automatically.