Cyber, critical infrastructure & AI standards — all in one place.
The latest standards, laws and regulations, with curated metadata, mapped controls and expert guidance from 6clicks. Built for GRC, compliance and security teams.
All content · 15 items
CDR Energy Sector Designation 2020 — Consumer Data Right (Energy Sector) Designation 2020
This legislative instrument designates the Australian energy sector under the Consumer Data Right (CDR) framework. It specifies the types of data, entities, and arrangements covered by CDR for energy consumers.
- Issuer
- Australian Government
- Jurisdiction
- Australia
- Version
- 26 June 2020
- Updated
- Jun 2020
APPs — Australian Privacy Principles
The Australian Privacy Principles (APPs) are a set of 13 principles that form the privacy protection framework under the Privacy Act 1988. They govern how personal information is collected, used, disclosed, and managed by organizations and agencies subject to the Act.
- Issuer
- Office of the Australian Information Commissioner (OAIC)
- Jurisdiction
- Australia
UAE Personal Data Protection Law — Federal Decree Law No. 45 of 2021 Regarding the Protection of Personal Data
The UAE Personal Data Protection Law establishes an integrated framework to ensure the confidentiality of information and protect individual privacy in the UAE. It governs the processing of personal data, defines the rights of data owners, sets requirements for cross-border data transfer, and outlines obligations for businesses handling personal data.
- Issuer
- UAE Data Office
- Jurisdiction
- United Arab Emirates
- Version
- 20 Sep 2021
Consumer Data Right — Competition and Consumer (Consumer Data Right) Rules 2021
The Competition and Consumer (Consumer Data Right) Rules 2021 outline regulations for implementing Australia's Consumer Data Right (CDR) framework. They establish rules for data sharing, privacy safeguards, accreditation of data recipients, and dispute resolution processes.
- Issuer
- Department of the Treasury
- Jurisdiction
- Australia
SOC2 — SOC2 Trusted Services Criteria
SOC 2 is a framework for managing and reporting on controls at service organizations relevant to security, availability, processing integrity, confidentiality, and privacy. It aims to provide detailed information and assurance to stakeholders about how these controls are implemented to protect user data.
- Issuer
- American Institute of Certified Public Accountants (AICPA)
- Jurisdiction
- United States
- Updated
- Sep 2022
SCF — Secure Controls Framework
The Secure Controls Framework (SCF) is a comprehensive, free cybersecurity and data privacy metaframework designed to simplify compliance and build secure, resilient organizations. It unifies control sets to simultaneously meet compliance requirements across multiple laws, regulations, and frameworks.
- Issuer
- Secure Controls Framework (SCF) Council
- Version
- 2023.2
AIUC-1 — AIUC-1
AIUC-1 is a standard focused on the security, safety, and reliability of AI agents used in enterprises. It addresses risks related to data privacy, security, accountability, and societal concerns while providing certification for compliant organizations.
- Issuer
- Artificial Intelligence Underwriting Company (AIUC)
- Version
- April 15, 2026
Privacy Act
The Privacy Act of Canada governs the collection, use, retention, and disclosure of personal information by federal government institutions. It ensures that individuals have the right to access and correct their personal information held by the government.
- Issuer
- Government of Canada
- Jurisdiction
- Canada
- Updated
- Jun 2025
Privacy Act 1988 — Privacy Act 1988
The Privacy Act 1988 is an Australian law that regulates the handling of personal information by businesses, government agencies, and other entities. It includes provisions for the Australian Privacy Principles, credit reporting, and notification of data breaches.
- Issuer
- Australian Government
- Jurisdiction
- Australia
- Version
- No. 119, 1988
Privacy and Data Protection Act 2014 — Privacy and Data Protection Act 2014 Version No. 032
The Privacy and Data Protection Act 2014 establishes a framework for protecting personal information and ensuring data security within the State of Victoria, Australia. It sets out responsibilities for Victorian public sector agencies regarding personal data handling and protections.
- Issuer
- Victorian Government
- Jurisdiction
- Victoria, Australia
- Version
- Version No. 032
- Updated
- May 2026
PIPEDA — Personal Information Protection and Electronic Documents Act
The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian federal law that sets rules for the collection, use, and disclosure of personal information in the course of commercial activities. It aims to balance individuals' privacy rights with industry needs for personal data use.
- Issuer
- Government of Canada
- Jurisdiction
- Canada
- Updated
- Mar 2025
GDPR — General Data Protection Regulation
The General Data Protection Regulation (GDPR) is a comprehensive data protection law enacted by the European Union to harmonize privacy regulations across member states. It governs the processing of personal data by organizations operating within the EU and those outside the EU that target EU residents.
- Issuer
- European Parliament and Council of the European Union
- Jurisdiction
- European Union
- Updated
- May 2018
India - (DPDP) Rules — India - Digital Personal Data Protection (DPDP) Rules
The Digital Personal Data Protection Rules, 2025 operationalize India’s Digital Personal Data Protection Act, 2023 by establishing detailed requirements for the collection, processing, storage, and protection of digital personal data. The Rules define obligations for organizations handling personal data, including consent management, breach notifications, data retention, and protections for children and vulnerable individuals. They also establish governance mechanisms such as the Data Protection Board and provide a phased implementation timeline for compliance.
- Issuer
- Government of India
- Version
- 2025
- Updated
- Jan 2025
ADHICS — Abu Dhabi Healthcare Information and Cyber Security Standard
The AAMEN programme ensures that all healthcare facilities in Abu Dhabi comply with information security and data privacy standards to safeguard patient data. It incorporates the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS) and aims to enhance cybersecurity governance, resilience, and innovation in the healthcare sector.
- Issuer
- Department of Health Abu Dhabi
- Jurisdiction
- Abu Dhabi, United Arab Emirates
- Version
- 2
- Updated
- May 2026
India - PDPD Act — India - Digital Personal Data Protection (PDPD) Act (Act No. 22 of 2023)
The Digital Personal Data Protection Act, 2023 (Act No. 22 of 2023) establishes India’s legal framework for processing digital personal data while balancing individuals’ privacy rights with lawful data use. The Act defines obligations for organizations handling personal data, grants rights and duties to individuals, and introduces requirements for consent, data protection, and breach accountability. It also establishes the Data Protection Board of India to oversee compliance, adjudication, and enforcement of penalties for violations.
- Issuer
- Government of India
- Jurisdiction
- India
- Version
- 2023
- Updated
- Aug 2023
Looking for sector-specific guidance?
Each industry page bundles the standards that matter most for that sector, with expert commentary and links to the 6clicks platform.
Critical Infraustructure
Critical infrastructure spans the energy, water, transport, healthcare, and communications sectors whose disruption would impact national security, safety, and the economy.
See itemsDefense
6clicks deploys inside classified and air-gapped environments, meets strict data handling requirements, and keeps your program audit-ready.
See itemsFinance Sector
Pertains to banking, insurance, and financial services, focusing on regulatory compliance, risk management, and financial integrity.
See itemsGovernment
See itemsReady to operationalize these standards?
The 6clicks platform maps these regulations to controls, evidence and risks — automatically.