Compliance standards for Government
Curated standards, laws and regulations relevant to Government organizations. Updated continuously, with mapped controls and expert guidance from 6clicks.
All Government content · 18 items
India - (DPDP) Rules — India - Digital Personal Data Protection (DPDP) Rules
The Digital Personal Data Protection Rules, 2025 operationalize India’s Digital Personal Data Protection Act, 2023 by establishing detailed requirements for the collection, processing, storage, and protection of digital personal data. The Rules define obligations for organizations handling personal data, including consent management, breach notifications, data retention, and protections for children and vulnerable individuals. They also establish governance mechanisms such as the Data Protection Board and provide a phased implementation timeline for compliance.
Government of India • v2025
India - PDPD Act — India - Digital Personal Data Protection (PDPD) Act (Act No. 22 of 2023)
The Digital Personal Data Protection Act, 2023 (Act No. 22 of 2023) establishes India’s legal framework for processing digital personal data while balancing individuals’ privacy rights with lawful data use. The Act defines obligations for organizations handling personal data, grants rights and duties to individuals, and introduces requirements for consent, data protection, and breach accountability. It also establishes the Data Protection Board of India to oversee compliance, adjudication, and enforcement of penalties for violations.
Government of India • India • v2023
Safe & Trusted Internet — Guidelines on Information Security Practices for Government Entities
The Safe & Trusted Internet Guidelines on Information Security Practices for Government Entities, issued by the Indian Computer Emergency Response Team (CERT-In), establish baseline cyber security controls and best practices to help government entities protect ICT infrastructure, systems, networks, and data against evolving cyber threats and strengthen India’s digital security posture.
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India • India
CBK Law — Law No. (32) of 1968 Concerning Currency, The Central Bank of Kuwait and The Regulation of Banking
Law No. (32) of 1968 establishes the legal framework for the establishment and operation of the Central Bank of Kuwait (CBK) and governs currency issuance, banking regulations, and financial supervision within Kuwait. It includes amendments to address evolving economic and regulatory needs.
Central Bank of Kuwait • Kuwait • v2021
PDSP — Protective Data Security Plan (PDSP) Single organisation PDSP form Version 3.7
Victorian public sector bodies are required to report on their information security practices to the Office of the Victorian Information Commissioner (OVIC). This includes submitting Protective Data Security Plans (PDSPs), annual attestations, and notifying OVIC of security incidents as outlined under the Victorian Protective Data Security Framework and Standards (VPDSF, VPDSS).
Office of the Victorian Information Commissioner (OVIC) • Victoria, Australia • v3.7
SOCIA 2018 — Security of Critical Infrastructure Act 2018
The Security of Critical Infrastructure Act 2018 (SOCIA) establishes a regulatory framework for managing national security risks to Australia’s critical infrastructure sectors. It introduces statutory obligations, reporting requirements, and oversight mechanisms for critical assets.
Australian Department of Home Affairs • Australia • vNo. 29, 2018
Privacy Act
The Privacy Act of Canada governs the collection, use, retention, and disclosure of personal information by federal government institutions. It ensures that individuals have the right to access and correct their personal information held by the government.
Government of Canada • Canada
National Greenhouse and Energy Reporting Act 2007
The National Greenhouse and Energy Reporting Act 2007 establishes a national framework for corporations to report their greenhouse gas emissions, energy production, and energy consumption. It aims to improve data transparency and inform government policy on climate change.
Australian Government • Australia
Fair Work Regulations 2009
The Fair Work Regulations 2009 provide detailed legislative backing to the Fair Work Act 2009, outlining the operational rules and requirements for employment relationships, industrial agreements, and workplace standards in Australia. It includes rules on employer obligations, employee protections, and compliance mechanisms.
Department of Employment and Workplace Relations (DEWR) • Australia
Clean Energy Act 2011
The Clean Energy Act 2011 establishes the framework for implementing a carbon pricing mechanism in Australia. It includes provisions for covered entities, emission obligations, and limits on emissions units.
Parliament of Australia • Australia
C2M2 — Cybersecurity Capability Maturity Model
The Cybersecurity Capability Maturity Model (C2M2) is a tool developed by the U.S. Department of Energy to help organizations evaluate and enhance their cybersecurity capabilities. It focuses on both IT and OT environments, offering a structured framework of over 350 practices organized into 10 domains.
U.S. Department of Energy • United States • v2.1
ECC 2-2024 — Essential Cybersecurity Controls
The Essential Cybersecurity Controls (ECC 2-2024) aim to enhance cybersecurity at the national level in Saudi Arabia. They provide policies and controls to protect the information and technological assets of national entities.
National Cybersecurity Authority • Kingdom of Saudi Arabia • v2-2024
DCC-1:2022 — Data Cybersecurity Controls
The Data Cybersecurity Controls (DCC-1:2022) establish minimum cybersecurity requirements to protect data throughout its lifecycle. Issued by the Saudi National Cybersecurity Authority, the controls build on existing cybersecurity frameworks to enhance the Kingdom's overall cybersecurity maturity.
National Cybersecurity Authority (NCA) • Kingdom of Saudi Arabia • v1:2022
IS18 — Information and Cyber Security Policy (IS18)
The Information and Cyber Security Policy (IS18) is a policy framework established by the Queensland Government to enhance information security and organizational resilience. It mandates the implementation of ISO 27001-based ISMS, systematic risk management, and compliance with the Australian Signals Directorate's Essential Eight Strategies for all Queensland Government agencies.
Queensland Government • Queensland, Australia • v9.0.0
UAE Personal Data Protection Law — Federal Decree Law No. 45 of 2021 Regarding the Protection of Personal Data
The UAE Personal Data Protection Law establishes an integrated framework to ensure the confidentiality of information and protect individual privacy in the UAE. It governs the processing of personal data, defines the rights of data owners, sets requirements for cross-border data transfer, and outlines obligations for businesses handling personal data.
UAE Data Office • United Arab Emirates • v20 Sep 2021
CMMC — Cybersecurity Maturity Model Certification
The Cybersecurity Maturity Model Certification (CMMC) Assessment Guide defines how organizations are evaluated for compliance with cybersecurity requirements when working with the U.S. Department of Defense. It outlines assessment methods, evidence expectations, and control validation aligned with standards like NIST SP 800-171. The guide ensures consistent and rigorous verification of an organization’s ability to protect sensitive information.
US Government • United States • v2.13
Privacy and Data Protection Act 2014 — Privacy and Data Protection Act 2014 Version No. 032
The Privacy and Data Protection Act 2014 establishes a framework for protecting personal information and ensuring data security within the State of Victoria, Australia. It sets out responsibilities for Victorian public sector agencies regarding personal data handling and protections.
Victorian Government • Victoria, Australia • version No. 032
VPDSS 2.0 — Victorian Protective Data Security Standards V2.0
The Victorian Protective Data Security Standards (VPDSS) establish 12 high-level mandatory requirements for the protection of public sector information in Victoria, Australia. These requirements cover governance, information, personnel, ICT, and physical security, focusing on a risk-managed approach tailored to the Victorian government context.
Office of the Victorian Information Commissioner (OVIC) • Victoria, Australia • v2.0
Manage Government compliance with 6clicks
The 6clicks platform maps these regulations to controls, evidence and risks — automatically.