Cyber, critical infrastructure & AI standards — all in one place.

The latest standards, laws and regulations, with curated metadata, mapped controls and expert guidance from 6clicks. Built for GRC, compliance and security teams.

Browse by industry

Browse by sector. Each page shows relevant standards, laws, regulations, and frameworks.

Explore all industries

Content Library

Showing 19 of 19

CybersecurityFrameworkStandard

CCM v4.1 — Cloud Controls Matrix v4.1

The Cloud Controls Matrix (CCM) v4.1 is a cybersecurity control framework that consists of 207 controls across 17 security domains, specifically tailored for cloud security and privacy. The Consensus Assessment Initiative Questionnaire (CAIQ) accompanies the CCM, offering a set of assessment questions to evaluate security controls.

Cloud Security Alliance (CSA) • v4.1

View details
CybersecurityStandard

ISO/IEC 27018:2025 — ISO/IEC 27018:2025 Information security, cybersecurity and privacy protection — Guidelines for protection of personally identifiable information (PII) in public clouds acting as PII processors

ISO/IEC 27018:2025 is the global standard for managing personally identifiable information (PII) in public cloud services. It provides cloud providers with a framework to ensure privacy, security, and compliance when processing customer data.

International Organization for Standardization (ISO) • v2025

View details
PrivacyLaw

PRIS Act — Privacy and Responsible Information Sharing Act 2024

The Privacy and Responsible Information Sharing Act 2024 (PRIS Act) establishes a privacy framework for the Western Australian public sector. It introduces Information Privacy Principles (IPPs) and provisions for privacy complaints, privacy impact assessments, and a notifiable information breach scheme.

Government of Western Australia • Western Australia

View details
PrivacyControl set

NIST SP 800-53 Rev. 5.2 — Security and Privacy Controls for Information Systems and Organizations

NIST Special Publication 800-53 Rev. 5 provides a comprehensive catalog of security and privacy controls designed to safeguard organizational operations, assets, and individuals from a broad spectrum of risks including cyberattacks, human mistakes, and natural disasters. It is widely used for implementing security measures as part of risk management frameworks.

NIST (National Institute of Standards and Technology) • United States • v5.2.0

View details
PrivacyRegulation

India - (DPDP) Rules — India - Digital Personal Data Protection (DPDP) Rules

The Digital Personal Data Protection Rules, 2025 operationalize India’s Digital Personal Data Protection Act, 2023 by establishing detailed requirements for the collection, processing, storage, and protection of digital personal data. The Rules define obligations for organizations handling personal data, including consent management, breach notifications, data retention, and protections for children and vulnerable individuals. They also establish governance mechanisms such as the Data Protection Board and provide a phased implementation timeline for compliance.

Government of India • India • v2025

View details
PrivacyLaw

India - PDPD Act — India - Digital Personal Data Protection (PDPD) Act (Act No. 22 of 2023)

The Digital Personal Data Protection Act, 2023 (Act No. 22 of 2023) establishes India’s legal framework for processing digital personal data while balancing individuals’ privacy rights with lawful data use. The Act defines obligations for organizations handling personal data, grants rights and duties to individuals, and introduces requirements for consent, data protection, and breach accountability. It also establishes the Data Protection Board of India to oversee compliance, adjudication, and enforcement of penalties for violations.

Government of India • India • v2023

View details
PrivacyLaw

Privacy Act

The Privacy Act of Canada governs the collection, use, retention, and disclosure of personal information by federal government institutions. It ensures that individuals have the right to access and correct their personal information held by the government.

Government of Canada • Canada

View details
PrivacyLaw

UAE Personal Data Protection Law — Federal Decree Law No. 45 of 2021 Regarding the Protection of Personal Data

The UAE Personal Data Protection Law establishes an integrated framework to ensure the confidentiality of information and protect individual privacy in the UAE. It governs the processing of personal data, defines the rights of data owners, sets requirements for cross-border data transfer, and outlines obligations for businesses handling personal data.

UAE Data Office • United Arab Emirates • v20 Sep 2021

View details
CybersecurityFrameworkControl set

SOC2 — SOC2 Trusted Services Criteria

SOC 2 is a framework for managing and reporting on controls at service organizations relevant to security, availability, processing integrity, confidentiality, and privacy. It aims to provide detailed information and assurance to stakeholders about how these controls are implemented to protect user data.

American Institute of Certified Public Accountants (AICPA) • United States

View details
PrivacyLaw

Privacy and Data Protection Act 2014 — Privacy and Data Protection Act 2014 Version No. 032

The Privacy and Data Protection Act 2014 establishes a framework for protecting personal information and ensuring data security within the State of Victoria, Australia. It sets out responsibilities for Victorian public sector agencies regarding personal data handling and protections.

Victorian Government • Victoria, Australia • version No. 032

View details
PrivacyRegulation

Consumer Data Right — Competition and Consumer (Consumer Data Right) Rules 2021

The Competition and Consumer (Consumer Data Right) Rules 2021 outline regulations for implementing Australia's Consumer Data Right (CDR) framework. They establish rules for data sharing, privacy safeguards, accreditation of data recipients, and dispute resolution processes.

Department of the Treasury • Australia

View details
PrivacyRegulation

CDR Energy Sector Designation 2020 — Consumer Data Right (Energy Sector) Designation 2020

This legislative instrument designates the Australian energy sector under the Consumer Data Right (CDR) framework. It specifies the types of data, entities, and arrangements covered by CDR for energy consumers.

Australian Government • Australia • v26 June 2020

View details
PrivacyLaw

PIPEDA — Personal Information Protection and Electronic Documents Act

The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian federal law that sets rules for the collection, use, and disclosure of personal information in the course of commercial activities. It aims to balance individuals' privacy rights with industry needs for personal data use.

Government of Canada • Canada

View details
CybersecurityFramework

SCF — Secure Controls Framework

The Secure Controls Framework (SCF) is a comprehensive, free cybersecurity and data privacy metaframework designed to simplify compliance and build secure, resilient organizations. It unifies control sets to simultaneously meet compliance requirements across multiple laws, regulations, and frameworks.

Secure Controls Framework (SCF) Council • v2026.1.1

View details
CybersecurityStandard

ADHICS — Abu Dhabi Healthcare Information and Cyber Security Standard

The AAMEN programme ensures that all healthcare facilities in Abu Dhabi comply with information security and data privacy standards to safeguard patient data. It incorporates the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS) and aims to enhance cybersecurity governance, resilience, and innovation in the healthcare sector.

Department of Health Abu Dhabi • Abu Dhabi, United Arab Emirates • v2

View details
AIStandard

AIUC-1 — AIUC-1

AIUC-1 is a standard focused on the security, safety, and reliability of AI agents used in enterprises. It addresses risks related to data privacy, security, accountability, and societal concerns while providing certification for compliant organizations.

Artificial Intelligence Underwriting Company (AIUC) • vApril 15, 2026

View details
PrivacyRegulation

GDPR — General Data Protection Regulation

The General Data Protection Regulation (GDPR) is a comprehensive data protection law enacted by the European Union to harmonize privacy regulations across member states. It governs the processing of personal data by organizations operating within the EU and those outside the EU that target EU residents.

European Parliament and Council of the European Union • European Union

View details
PrivacyLaw

APPs — Australian Privacy Principles

The Australian Privacy Principles (APPs) are a set of 13 principles that form the privacy protection framework under the Privacy Act 1988. They govern how personal information is collected, used, disclosed, and managed by organizations and agencies subject to the Act.

Office of the Australian Information Commissioner (OAIC) • Australia

View details
PrivacyLaw

Privacy Act 1988 — Privacy Act 1988

The Privacy Act 1988 is an Australian law that regulates the handling of personal information by businesses, government agencies, and other entities. It includes provisions for the Australian Privacy Principles, credit reporting, and notification of data breaches.

Australian Government • Australia • vNo. 119, 1988

View details

Ready to manage these frameworks?

6clicks maps regulations to controls, evidence and risks — automatically.

Book your strategy call