Click on a country button or map region to view regulatory frameworks
| Region | Country | Jurisdiction | Category | Name | Acronym | Scope | Authority | Applicability | Status |
|---|---|---|---|---|---|---|---|---|---|
| Africa |
Egypt National |
National | Law |
Personal Data Protection Law
2020 Jul 2020 |
PDPL (Egypt) | Privacy | Egyptian Data Protection Center | Applies to controllers and processors of Egyptian residents’ data. | Active |
| Africa |
Kenya National |
National | Law |
Data Protection Act
2019 Nov 2019 |
DPA (Kenya) | Privacy |
Office of the Data Protection Commissioner Website |
Applies to controllers and processors handling personal data of Kenyan residents. | Active |
| Africa |
Nigeria National |
National | Law |
Nigeria Data Protection Regulation
2019 Jan 2019 |
NDPR | Privacy |
Nigeria Data Protection Bureau Website |
Applies to all organizations processing Nigerian personal data. | Active |
| Africa |
South Africa National |
National | Law |
Protection of Personal Information Act
2013 Nov 2013 |
POPIA | Privacy |
Information Regulator South Africa Website |
Applies to public and private bodies processing data in South Africa. | Active |
| Asia-Pacific | Australia | Federal | Framework | Essential Eight Maturity Model | N/A | Cybersecurity controls | ACSC | Government and enterprise | Active |
| Asia-Pacific | Australia | Federal | Law | Notifiable Data Breaches Scheme | NDB | Data breach notification | OAIC | Organizations covered by Privacy Act | Active |
| Asia-Pacific | China | National | Law | Personal Information Protection Law | PIPL | Personal information protection | Cyberspace Administration of China | Organizations processing personal information in China | Active |
| Asia-Pacific | India | National | Bill | Digital Personal Data Protection Act | DPDPA | Personal data protection | Government of India | Organizations processing personal data in India | Active |
| Asia-Pacific | Japan | National | Law | Act on Protection of Personal Information | APPI | Personal information protection | PPC | Personal information handling entities | Active |
| Asia-Pacific | Singapore | National | Law | Cybersecurity Act 2018 | N/A | Critical infrastructure security | CSA | Critical information infrastructure | Active |
| Europe |
European Union EU-wide |
Supranational | Law |
Artificial Intelligence Act
2024 Jun 2024 |
EU AI Act | AI |
European Commission Website |
Providers and users of AI systems in the EU. |
Active
Updated: Jun 2024 |
| Europe | European Union | Supranational | Regulation | Digital Operational Resilience Act | DORA | Financial services ICT resilience | European Commission | Financial institutions and critical ICT service providers | Active |
| Europe | European Union | Supranational | Regulation | General Data Protection Regulation | GDPR | Data protection and privacy | European Commission | EU member states and global organizations processing EU data | Active |
| Europe | European Union | Supranational | Directive | Network and Information Security Directive 2 | NIS2 | Cybersecurity for critical infrastructure | European Commission | Essential and important entities across EU | Active |
| Europe | France | National | Law | Loi Informatique et Libertés | N/A | Data protection and privacy | CNIL | French organizations | Active |
| Europe | Germany | National | Law | Bundesdatenschutzgesetz | BDSG | Federal data protection | BfDI | German organizations | Active |
| Europe | United Kingdom | National | Law | Data Protection Act 2018 | DPA 2018 | Data protection implementation | ICO | UK organizations | Active |
| Europe | United Kingdom | National | Law | UK General Data Protection Regulation | UK GDPR | Data protection | ICO | UK data controllers and processors | Active |
| Global | Global | International | Framework | COBIT 2019 | N/A | IT governance and management | ISACA | Enterprise IT governance | Active |
| Global | Global | International | Framework | FAIR Risk Assessment | N/A | Quantitative risk analysis | FAIR Institute | Organizations doing risk quantification | Active |
| Global |
Global Global |
Global | Framework |
GRI Standards
2021 Oct 2021 |
GRI | ESG |
Global Reporting Initiative Website |
Organizations globally. |
Active
Updated: Jan 2023 |
| Global | Global | International | Standard | ISO 22301:2019 | N/A | Business continuity management | ISO | Organizations requiring business continuity | Active |
| Global | Global | International | Standard | ISO/IEC 27002:2022 | N/A | Information security controls | ISO/IEC | Organizations implementing ISO 27001 | Active |
| Global |
Global Global |
Global | Framework |
OECD AI Principles
2019 May 2019 |
OECD AI | AI |
OECD Website |
Voluntary; adopted by OECD members and beyond. |
Active
Updated: Jan 2021 |
| Global | Global | Industry | Standard | SWIFT Customer Security Programme | CSP | Financial messaging security | SWIFT | SWIFT users | Active |
| Global |
Global Global |
Global | Framework |
UN GGE Cyber Norms
2021 Aug 2021 |
UN GGE Norms | Cybersecurity | United Nations | Nation states in cyberspace. |
Active
Updated: Aug 2021 |
| Middle East |
Qatar National |
National | Law |
Personal Data Privacy Protection Law
2016 Nov 2016 |
PDPL (Qatar) | Privacy |
Ministry of Transport and Communications Website |
Applies to controllers and processors handling personal data in Qatar. | Active |
| Middle East |
Saudi Arabia National |
National | Law |
Personal Data Protection Law
2021 Sep 2021 |
PDPL (Saudi Arabia) | Privacy |
SDAIA Website |
Applies to processing of Saudi residents’ data, including by foreign entities. | Active |
| Middle East |
United Arab Emirates National |
National | Law |
Federal Decree-Law No. 45 of 2021 on Personal Data Protection
2021 Nov 2021 |
UAE PDPL | Privacy |
UAE Data Office Website |
Applies nationwide across Emirates; overseen by UAE Data Office. | Active |
| North America |
Canada Alberta |
Provincial | Law |
Access to Information Act (Alberta)
Jun 2025 |
ATIA (AB) | Access & Privacy | Govt of Alberta | Public bodies in Alberta. |
Active
Updated: Jun 2025 |
| North America |
Canada Yukon |
Territorial | Law |
Access to Information and Protection of Privacy Act
Oct 1996 |
YT ATIPP | Access & Privacy | Govt of Yukon | Yukon public bodies. |
Active
Updated: Jan 2021 |
| North America |
Canada Northwest Territories |
Territorial | Law |
Access to Information and Protection of Privacy Act
Dec 1996 |
NWT ATIPP | Access & Privacy | Govt of NWT / IPC | NWT public bodies. |
Active
Updated: Jan 2021 |
| North America |
Canada Nunavut |
Territorial | Law |
Access to Information and Protection of Privacy Act
Apr 1999 |
NU ATIPP | Access & Privacy | Govt of Nunavut / IPC | Nunavut public bodies. |
Active
Updated: Jan 2021 |
| North America |
Canada Newfoundland and Labrador |
Provincial | Law |
Access to Information and Protection of Privacy Act, 2015
2015 Jun 2015 |
NL ATIPPA | Access & Privacy | Govt of NL | NL public bodies. |
Active
Updated: Jan 2021 |
| North America |
Canada Quebec |
Provincial | Law |
Act respecting Access to documents held by public bodies and the Protection of personal information
Jun 1982 |
QC Access Act | Access & Privacy |
Government of Quebec / CAI Website |
Quebec public bodies. |
Active
Updated: Jan 2021 |
| North America | Canada | Provincial | Law | Act respecting the protection of personal information (Quebec) | ARPPIPS | Private sector privacy | Government of Quebec | Quebec private sector | Active |
| North America |
Canada Quebec |
Provincial | Law |
Act respecting the protection of personal information in the private sector (as amended by Law 25)
Law 25 Sep 2022 |
QC Private-Sector Act | Privacy |
Government of Quebec / CAI Website |
Quebec private-sector orgs. |
Active
Updated: Sep 2024 |
| North America |
Canada Federal |
Federal | Law |
Canada Anti-Spam Legislation
2014 Jul 2014 |
CASL | Cybersecurity |
CRTC / ISED / Competition Bureau Website |
Any entity sending CEMs to Canadian recipients or installing software on users? devices. |
Active
Updated: Jul 2019 |
| North America |
Canada Federal |
Federal | Law |
Canada Anti-Spam Legislation
2014 Jul 2014 |
CASL | Cybersecurity |
CRTC / ISED / Competition Bureau Website |
Any entity sending CEMs to Canadian recipients or installing software on users? devices. |
Active
Updated: Jul 2019 |
| North America |
Canada Federal |
Federal | Framework |
CIS Critical Security Controls v8
v8 May 2021 |
CIS Controls | Cybersecurity |
Center for Internet Security Website |
Voluntary prioritized controls. |
Active
Updated: Jan 2023 |
| North America | Canada | Federal | Framework | Cyber Security Framework for Critical Infrastructure | N/A | Critical infrastructure protection | Public Safety Canada | Critical infrastructure operators | Active |
| North America | Canada | Federal | Law | Digital Charter Implementation Act (Bill C-27) | N/A | Consumer privacy protection | Parliament of Canada | Proposed federal privacy law to replace PIPEDA | Active |
| North America |
Canada British Columbia |
Provincial | Law |
E-Health (Personal Health Information Access and Protection of Privacy) Act
May 2008 |
BC E-Health Act | Health | Govt of BC | Designated health information banks. |
Active
Updated: Jan 2015 |
| North America |
Canada British Columbia |
Provincial | Law |
Freedom of Information and Protection of Privacy Act
Oct 1993 |
BC FIPPA/FOIPPA | Access & Privacy |
Govt of BC / OIPC Website |
BC public bodies. |
Active
Updated: Nov 2021 |
| North America |
Canada Manitoba |
Provincial | Law |
Freedom of Information and Protection of Privacy Act
May 1998 |
MB FIPPA | Access & Privacy | Govt of Manitoba | Manitoba public bodies. |
Active
Updated: Jan 2022 |
| North America |
Canada Nova Scotia |
Provincial | Law |
Freedom of Information and Protection of Privacy Act
Nov 1994 |
NS FOIPOP | Access & Privacy | Govt of NS | NS public bodies. |
Active
Updated: Jan 2022 |
| North America |
Canada Prince Edward Island |
Provincial | Law |
Freedom of Information and Protection of Privacy Act
Nov 2002 |
PEI FOIPP | Access & Privacy | Govt of PEI | PEI public bodies. |
Active
Updated: Jan 2022 |
| North America |
Canada Ontario |
Provincial | Law |
Freedom of Information and Protection of Privacy Act & Municipal FIPPA
Jan 1988 |
ON FIPPA/MFIPPA | Access & Privacy |
Govt of Ontario / IPC Website |
Ontario provincial ministries, agencies; municipal institutions under MFIPPA. |
Active
Updated: Jan 2020 |
| North America |
Canada Alberta |
Provincial | Law |
Health Information Act
Apr 2001 |
HIA (AB) | Health | Govt of Alberta | Custodians of PHI in Alberta. |
Active
Updated: Mar 2020 |
| North America |
Canada Prince Edward Island |
Provincial | Law |
Health Information Act
Dec 2017 |
PEI HIA | Health | Govt of PEI / OIPC | Custodians of PHI in PEI. |
Active
Updated: Jan 2020 |
| North America |
Canada Northwest Territories |
Territorial | Law |
Health Information Act
Oct 2015 |
HIA (NWT) | Health | Govt of NWT | Custodians of PHI in NWT. |
Active
Updated: Jan 2020 |
| North America |
Canada Yukon |
Territorial | Law |
Health Information Privacy and Management Act
Aug 2016 |
HIPMA (YT) | Health | Govt of Yukon | Custodians of PHI in Yukon. |
Active
Updated: Jan 2020 |
| North America |
Canada Nunavut |
Territorial | Law |
Health privacy (consultations underway)
Nov -0001 |
NU Health (planned) | Health | Govt of Nunavut | Nunavut health sector (future). |
Active
Updated: Nov -0001 |
| North America |
Canada Quebec |
Provincial | Law |
Health privacy (sectoral provisions)
Nov -0001 |
QC Health Sectoral | Health |
Government of Quebec / CAI Website |
Quebec health sector entities. |
Active
Updated: Nov -0001 |
| North America |
Canada Federal |
Federal | Framework |
ISO/IEC 27001:2022
2022 Oct 2022 |
ISO 27001 | Information Security |
ISO/IEC Website |
International certification standard adopted in Canada. |
Active
Updated: Oct 2022 |
| North America |
Canada Federal |
Federal | Framework |
ITSG-33: IT Security Risk Management ? A Lifecycle Approach
Jan 2012 |
ITSG-33 | Cybersecurity |
Canadian Centre for Cyber Security Website |
Gov of Canada; referenced by industry as good practice. |
Active
Updated: Jan 2019 |
| North America | Canada | Federal | Framework | National Cyber Security Strategy | N/A | National cybersecurity | Public Safety Canada | Government and critical infrastructure | Active |
| North America |
Canada Federal |
Federal | Framework |
NIST Cybersecurity Framework 2.0
2.0 Feb 2024 |
NIST CSF | Cybersecurity |
NIST Website |
Voluntary; widely adopted by Canadian and U.S. orgs. |
Active
Updated: Feb 2024 |
| North America |
Canada Federal |
Federal | Framework |
PCI DSS v4.0
4.0 Mar 2022 |
PCI DSS | Payments |
PCI SSC Website |
Any entity that stores/processes/transmits cardholder data. |
Active
Updated: Jan 2024 |
| North America |
Canada Manitoba |
Provincial | Law |
Personal Health Information Act
Dec 1997 |
MB PHIA | Health | Govt of Manitoba | Custodians of PHI in Manitoba. |
Active
Updated: Jan 2022 |
| North America |
Canada Newfoundland and Labrador |
Provincial | Law |
Personal Health Information Act
Apr 2011 |
NL PHIA | Health | Govt of NL | Custodians of PHI in NL. |
Active
Updated: Jan 2020 |
| North America |
Canada Nova Scotia |
Provincial | Law |
Personal Health Information Act
Jun 2013 |
NS PHIA | Health | Govt of NS | Custodians of PHI in NS. |
Active
Updated: Jan 2020 |
| North America |
Canada New Brunswick |
Provincial | Law |
Personal Health Information Privacy and Access Act
Jun 2010 |
NB PHIPAA | Health | Govt of New Brunswick | Custodians of PHI in NB. |
Active
Updated: Jan 2020 |
| North America |
Canada Ontario |
Provincial | Law |
Personal Health Information Protection Act
Nov 2004 |
PHIPA (ON) | Health |
Govt of Ontario / IPC Website |
Health information custodians in Ontario. |
Active
Updated: Mar 2020 |
| North America |
Canada Alberta |
Provincial | Law |
Personal Information Protection Act
Jan 2004 |
AB PIPA | Privacy |
Govt of Alberta / OIPC Website |
Alberta private-sector orgs. |
Active
Updated: Jun 2019 |
| North America |
Canada British Columbia |
Provincial | Law |
Personal Information Protection Act
Jan 2004 |
BC PIPA | Privacy |
Govt of BC / OIPC Website |
BC private-sector organizations. |
Active
Updated: Nov 2021 |
| North America | Canada | Provincial | Law | Personal Information Protection Act (Alberta) | PIPA | Private sector privacy | Government of Alberta | Alberta private sector organizations | Active |
| North America | Canada | Provincial | Law | Personal Information Protection Act (British Columbia) | PIPA | Private sector privacy | Government of British Columbia | BC private sector organizations | Active |
| North America |
Canada Federal |
Federal | Law |
Personal Information Protection and Electronic Documents Act
S.C. 2000, c.5 Jan 2001 |
PIPEDA | Privacy |
Parliament of Canada / OPC Website |
Private-sector orgs in commercial activities nationwide except where substantially similar provincial laws exist (AB, BC, QC). |
Active
Updated: Nov 2018 |
| North America |
Canada Federal |
Federal | Law |
Personal Information Protection and Electronic Documents Act
S.C. 2000, c.5 Jan 2001 |
PIPEDA | Privacy |
Parliament of Canada / OPC Website |
Private-sector orgs in commercial activities nationwide except where substantially similar provincial laws exist (AB, BC, QC). |
Active
Updated: Nov 2018 |
| North America |
Canada Manitoba |
Provincial | Law |
PIPEDA (federal) applies
Jan 2001 |
PIPEDA (MB) | Privacy |
Parliament of Canada / OPC Website |
MB private sector (no MB-specific law). |
Active
Updated: Nov 2018 |
| North America |
Canada New Brunswick |
Provincial | Law |
PIPEDA (federal) applies
Jan 2001 |
PIPEDA (NB) | Privacy |
Parliament of Canada / OPC Website |
NB private sector (no NB-specific law). |
Active
Updated: Nov 2018 |
| North America |
Canada Newfoundland and Labrador |
Provincial | Law |
PIPEDA (federal) applies
Jan 2001 |
PIPEDA (NL) | Privacy |
Parliament of Canada / OPC Website |
NL private sector (no NL-specific law). |
Active
Updated: Nov 2018 |
| North America |
Canada Nova Scotia |
Provincial | Law |
PIPEDA (federal) applies
Jan 2001 |
PIPEDA (NS) | Privacy |
Parliament of Canada / OPC Website |
NS private sector (no NS-specific law). |
Active
Updated: Nov 2018 |
| North America |
Canada Ontario |
Provincial | Law |
PIPEDA (federal) applies
Jan 2001 |
PIPEDA (ON) | Privacy |
Parliament of Canada / OPC Website |
ON private sector (no ON-specific general private-sector law). |
Active
Updated: Nov 2018 |
| North America |
Canada Prince Edward Island |
Provincial | Law |
PIPEDA (federal) applies
Jan 2001 |
PIPEDA (PEI) | Privacy |
Parliament of Canada / OPC Website |
PEI private sector (no PEI-specific law). |
Active
Updated: Nov 2018 |
| North America |
Canada Saskatchewan |
Provincial | Law |
PIPEDA (federal) applies
Jan 2001 |
PIPEDA (SK) | Privacy |
Parliament of Canada / OPC Website |
SK private sector (no SK-specific law). |
Active
Updated: Nov 2018 |
| North America |
Canada Yukon |
Territorial | Law |
PIPEDA (federal) applies
Jan 2001 |
PIPEDA (YT) | Privacy |
Parliament of Canada / OPC Website |
YT private sector (no YT-specific law). |
Active
Updated: Nov 2018 |
| North America |
Canada Northwest Territories |
Territorial | Law |
PIPEDA (federal) applies
Jan 2001 |
PIPEDA (NWT) | Privacy |
Parliament of Canada / OPC Website |
NWT private sector (no NWT-specific law). |
Active
Updated: Nov 2018 |
| North America |
Canada Nunavut |
Territorial | Law |
PIPEDA (federal) applies
Jan 2001 |
PIPEDA (NU) | Privacy |
Parliament of Canada / OPC Website |
NU private sector (no NU-specific law). |
Active
Updated: Nov 2018 |
| North America | Canada | Federal | Law | Proceeds of Crime (Money Laundering) and Terrorist Financing Act | PCMLTFA | Anti-money laundering | FINTRAC | Financial institutions and reporting entities | Active |
| North America |
Canada Alberta |
Provincial | Law |
Protection of Privacy Act (Alberta)
Jun 2025 |
POPA (AB) | Privacy | Govt of Alberta | Public bodies in Alberta. |
Active
Updated: Jun 2025 |
| North America |
Canada New Brunswick |
Provincial | Law |
Right to Information and Protection of Privacy Act
Sep 2012 |
NB RTIPPA | Access & Privacy | Govt of New Brunswick | NB public bodies. |
Active
Updated: Jan 2022 |
| North America |
Canada Federal |
Federal | Framework |
SOC 2 (AICPA Trust Services Criteria)
TSC 2017 Dec 2017 |
SOC 2 | Assurance |
AICPA Website |
Service organizations. |
Active
Updated: Oct 2022 |
| North America |
Canada Saskatchewan |
Provincial | Law |
The Freedom of Information and Protection of Privacy Act
Dec 1992 |
SK FOIP | Access & Privacy |
Govt of Saskatchewan / IPC Website |
Saskatchewan provincial institutions. |
Active
Updated: Jan 2022 |
| North America |
Canada Saskatchewan |
Provincial | Law |
The Health Information Protection Act
Sep 2003 |
HIPA (SK) | Health | Govt of Saskatchewan | Trustees of PHI in SK. |
Active
Updated: Jan 2020 |
| North America |
Canada Saskatchewan |
Provincial | Law |
The Local Authority Freedom of Information and Protection of Privacy Act
Oct 1993 |
SK LA FOIP | Access & Privacy |
Govt of Saskatchewan / IPC Website |
Municipalities, school boards, etc. |
Active
Updated: Jan 2022 |
| North America |
United States Illinois |
State | Law |
Biometric Information Privacy Act
Oct 2008 |
BIPA | Privacy | State of Illinois | Private entities collecting biometric identifiers or information. |
Active
Updated: Jan 2019 |
| North America |
United States California |
State | Law |
California Consumer Privacy Act / California Privacy Rights Act
CPRA (Prop 24) Dec 2020 |
CCPA/CPRA | Privacy |
California CPPA Website |
For-profit businesses meeting CA thresholds. |
Active
Updated: Jan 2023 |
| North America |
United States Federal |
Federal | Law |
Children Online Privacy Protection Act
1998 Oct 1998 |
COPPA | Privacy |
FTC Website |
Websites/apps directed to children under 13. |
Active
Updated: Jul 2013 |
| North America |
United States Federal |
Federal | Law |
Children Online Privacy Protection Act
1998 Oct 1998 |
COPPA | Privacy |
Federal Trade Commission Website |
Websites and apps directed to children under 13. |
Active
Updated: Jul 2013 |
| North America |
United States Colorado |
State | Law |
Colorado Artificial Intelligence Act
May 2024 |
CO AI Act | AI | State of Colorado | Developers and deployers of high-risk AI affecting CO consumers. |
Active
Updated: May 2024 |
| North America |
United States Colorado |
State | Law |
Colorado Privacy Act
Jul 2021 |
CPA | Privacy | State of Colorado | Controllers/processors meeting CO thresholds. |
Active
Updated: Jan 2024 |
| North America |
United States Connecticut |
State | Law |
Connecticut Data Privacy Act
May 2022 |
CTDPA | Privacy | State of Connecticut | Entities handling CT residents? data; thresholds apply. |
Active
Updated: Jan 2024 |
| North America |
United States Nevada |
State | Law |
Consumer Health Data Privacy Law
SB 370 (2023) Jun 2023 |
NV CHDPL | Privacy | State of Nevada | Entities processing consumer health data of NV residents. |
Active
Updated: Dec 2023 |
| North America |
United States Federal |
Federal | Framework |
Cybersecurity Maturity Model Certification
2.0 Nov 2021 |
CMMC | Cybersecurity |
U.S. Department of Defense Website |
DoD supply chain (primes and subs). |
Active
Updated: Jan 2024 |
| North America |
United States New York |
State | Regulation |
Cybersecurity Requirements for Financial Services Companies
23 NYCRR 500 Mar 2017 |
23 NYCRR 500 | Cybersecurity |
New York Department of Financial Services Website |
Financial services entities licensed or regulated by NYDFS. |
Active
Updated: Nov 2023 |
| North America |
United States Delaware |
State | Law |
Delaware Personal Data Privacy Act
HB 154 (2023) Sep 2023 |
DPDPA (DE) | Privacy | State of Delaware | Controllers meeting DE thresholds. |
Active
Updated: Sep 2023 |
| North America |
United States California |
State | Law |
Delete Act (Data Broker Registry and Deletion Mechanism)
SB 362 (2023) Jan 2024 |
CA Delete Act | Privacy | California CPPA | Data brokers registered in California. |
Active
Updated: Oct 2024 |
| North America |
United States Federal |
Federal | Law |
Family Educational Rights and Privacy Act
1974 Aug 1974 |
FERPA | Privacy |
U.S. Dept of Education Website |
Educational institutions receiving federal funds. |
Active
Updated: Jan 2021 |
| North America |
United States Federal |
Federal | Law |
Federal Information Security Modernization Act
2014 Dec 2014 |
FISMA | Cybersecurity |
U.S. Congress / NIST Website |
Federal agencies and contractors. |
Active
Updated: Jan 2022 |
| North America |
United States Federal |
Federal | Law |
Gramm-Leach-Bliley Act
1999 Nov 1999 |
GLBA | Privacy |
FTC / Federal Banking Agencies Website |
Financial institutions and certain service providers. |
Active
Updated: Jun 2022 |
| North America |
United States Federal |
Federal | Law |
Health Insurance Portability and Accountability Act
1996 Aug 1996 |
HIPAA | Privacy |
U.S. Dept of Health & Human Services Website |
Covered entities and business associates handling PHI. |
Active
Updated: Sep 2013 |
| North America |
United States Iowa |
State | Law |
Iowa Consumer Data Protection Act
Mar 2023 |
ICDPA | Privacy | State of Iowa | Entities meeting IA thresholds. |
Active
Updated: Jan 2025 |
| North America |
United States Maryland |
State | Law |
Maryland Online Data Privacy Act
HB 562 (2024) May 2024 |
MODPA | Privacy | State of Maryland | Controllers meeting MD thresholds. |
Active
Updated: May 2024 |
| North America |
United States Minnesota |
State | Law |
Minnesota Consumer Data Privacy Act
HF 4757 (2024) May 2024 |
MN CDPA | Privacy | State of Minnesota | Controllers meeting MN thresholds. |
Active
Updated: May 2024 |
| North America |
United States Montana |
State | Law |
Montana Consumer Data Privacy Act
May 2023 |
MTCDPA | Privacy | State of Montana | Entities meeting MT thresholds. |
Active
Updated: Oct 2024 |
| North America |
United States Washington |
State | Law |
My Health My Data Act
Apr 2023 |
MHMD | Privacy | State of Washington | Entities handling consumer health data related to WA residents. |
Active
Updated: Mar 2024 |
| North America |
United States Nebraska |
State | Law |
Nebraska Data Privacy Act
LB 1074 (2024) Apr 2024 |
NE DPA | Privacy | State of Nebraska | Controllers meeting NE thresholds. |
Active
Updated: Apr 2024 |
| North America | United States | Industry | Regulation | NERC CIP Standards | N/A | Electric grid cybersecurity | NERC | Electric utilities | Active |
| North America |
United States Nevada |
State | Law |
Nevada Online Privacy Law (as amended by SB220/SB260)
May 2019 |
Nevada Privacy | Privacy | State of Nevada | Website operators collecting covered information from NV consumers. |
Active
Updated: Oct 2021 |
| North America |
United States New Hampshire |
State | Law |
New Hampshire Consumer Data Privacy Act
SB 255 (2024) Jan 2024 |
NH CDPA | Privacy | State of New Hampshire | Controllers meeting NH thresholds. |
Active
Updated: Jan 2024 |
| North America |
United States New Jersey |
State | Law |
New Jersey Data Privacy Act
A4919 (2023) Jan 2024 |
NJDPA | Privacy | State of New Jersey | Controllers meeting NJ thresholds. |
Active
Updated: Jan 2024 |
| North America | United States | State | Law | New York SHIELD Act | SHIELD | Data breach notification | New York State | Organizations handling NY resident data | Active |
| North America |
United States Federal |
Federal | Framework |
NIST Cybersecurity Framework
2.0 Feb 2014 |
NIST CSF | Cybersecurity |
NIST Website |
Voluntary; widely adopted across sectors. |
Active
Updated: Feb 2024 |
| North America |
United States Federal |
Federal | Framework |
NIST SP 800-171
Rev. 3 Dec 2016 |
NIST 800-171 | Cybersecurity |
NIST / DoD Website |
Non-federal systems processing CUI (DoD, federal contracts). |
Active
Updated: May 2024 |
| North America |
United States Federal |
Federal | Framework |
NIST SP 800-53
Rev. 5 Dec 2020 |
NIST 800-53 | Cybersecurity |
NIST Website |
U.S. federal agencies; contractors via overlays. |
Active
Updated: Mar 2023 |
| North America |
United States Oregon |
State | Law |
Oregon Consumer Privacy Act
Jul 2023 |
OCPA | Privacy | State of Oregon | Controllers meeting OR thresholds. |
Active
Updated: Jul 2024 |
| North America |
United States Federal |
Federal | Law |
Sarbanes-Oxley Act
2002 Jul 2002 |
SOX | Governance | SEC | U.S. public companies and auditors. |
Active
Updated: Jan 2021 |
| North America |
United States Massachusetts |
State | Regulation |
Standards for the Protection of Personal Information of Residents of the Commonwealth
201 CMR 17.00 Mar 2010 |
201 CMR 17.00 | Cybersecurity | Massachusetts Office of Consumer Affairs | Persons owning or licensing personal information of MA residents. |
Active
Updated: Jan 2024 |
| North America |
United States New York |
State | Law |
Stop Hacks and Improve Electronic Data Security Act
Jul 2019 |
NY SHIELD Act | Cybersecurity | New York State | Any business holding NY residents? private information. |
Active
Updated: Mar 2020 |
| North America |
United States Tennessee |
State | Law |
Tennessee Information Protection Act
SB 73 (2023) May 2023 |
TIPA | Privacy | State of Tennessee | Entities meeting TN thresholds. |
Active
Updated: May 2023 |
| North America |
United States Texas |
State | Law |
Texas Data Privacy and Security Act
Jun 2023 |
TDPSA | Privacy | State of Texas | Broad applicability to businesses processing TX data. |
Active
Updated: Jul 2024 |
| North America |
United States Utah |
State | Law |
Utah Consumer Privacy Act
Mar 2022 |
UCPA | Privacy | State of Utah | Entities meeting UT thresholds. |
Active
Updated: Dec 2023 |
| North America |
United States Virginia |
State | Law |
Virginia Consumer Data Protection Act
Mar 2021 |
VCDPA | Privacy | Commonwealth of Virginia | Entities meeting VA thresholds. |
Active
Updated: Jan 2023 |
| South America | Brazil | Federal | Law | Lei Geral de Proteção de Dados | LGPD | General data protection | ANPD | Organizations processing personal data in Brazil | Active |