Governance: Difference between revisions

From Edgar BV Wiki
Jump to navigation Jump to search
No edit summary
 
(14 intermediate revisions by the same user not shown)
Line 1: Line 1:
Legal requirements in the EU
== Legal requirements in the EU ==
 
[[ePrivacy Directive (cookie law) - EPD]] - NB will be replaced by ePrivacy Regulation
[[ePrivacy Directive (cookie law) - EPD]] - NB will be replaced by ePrivacy Regulation


[[ePrivacy Regulation]]
[[ePrivacy Regulation]]


[[GDPR]]
[[General Data Protection Regulation GDPR]] - privacy
 
NIS2
 
Cyber Resilience Act
 
European Data Act
 
Liability for Defective Products
 
AI Act
 
== National legal requirements to think of ==
[[Archive laws]]
 
== International Certifications ==
[[ISO 9001]] - quality management systems
 
[[ISO/IEC 27001]] (EU and rest of world) / SOC2 (North America) - how to protect your data
 
[[ISO/IEC 27002]]  - how to handle access to data and incident response
 
[[UK NCSC CRA]] - UK’s National Cyber Security Centre Cyber Resilience Audit which assures providers who can conduct independent Cyber Assessment Framework (CAF) based audits
 
NIST Cybersecurity Framework 2.0 - US version of NIS2
 
== Local Certifications ==
[https://www.thuiswinkel.org/ Thuiswinkel.org] - for webshops
 
== EU Standards ==
[https://www.etsi.org/ ETSI] - globally applicable standards for ICT-enabled systems, applications and services deployed across all sectors of industry and society
 
[https://www.cencenelec.eu/european-standardization/european-standards/ CEN / CENELEC]
 
Pentesting - oddly enough, there is no standard really
 
== International Pacts / Agreements ==
G7 Hiroshima AI Process
 
[https://www.coe.int/en/web/portal/-/council-of-europe-opens-first-ever-global-treaty-on-ai-for-signature AI Treaty] / Framework Convention on artificial intelligence and human rights, democracy, and the rule of law ([https://www.coe.int/en/web/conventions/full-list?module=treaty-detail&treatynum=225 CETS No. 225]). signed by Andorra, Georgia, Iceland, Norway, the Republic of Moldova, San Marino, the United Kingdom as well as Israel, the United States of America and the European Union.
 
[https://digital-strategy.ec.europa.eu/en/policies/ai-pact AI Pact] - a voluntary pre-signup to the AI act before all conditions come into force

Latest revision as of 07:56, 23 November 2024

Legal requirements in the EU

ePrivacy Directive (cookie law) - EPD - NB will be replaced by ePrivacy Regulation

ePrivacy Regulation

General Data Protection Regulation GDPR - privacy

NIS2

Cyber Resilience Act

European Data Act

Liability for Defective Products

AI Act

National legal requirements to think of

Archive laws

International Certifications

ISO 9001 - quality management systems

ISO/IEC 27001 (EU and rest of world) / SOC2 (North America) - how to protect your data

ISO/IEC 27002 - how to handle access to data and incident response

UK NCSC CRA - UK’s National Cyber Security Centre Cyber Resilience Audit which assures providers who can conduct independent Cyber Assessment Framework (CAF) based audits

NIST Cybersecurity Framework 2.0 - US version of NIS2

Local Certifications

Thuiswinkel.org - for webshops

EU Standards

ETSI - globally applicable standards for ICT-enabled systems, applications and services deployed across all sectors of industry and society

CEN / CENELEC

Pentesting - oddly enough, there is no standard really

International Pacts / Agreements

G7 Hiroshima AI Process

AI Treaty / Framework Convention on artificial intelligence and human rights, democracy, and the rule of law (CETS No. 225). signed by Andorra, Georgia, Iceland, Norway, the Republic of Moldova, San Marino, the United Kingdom as well as Israel, the United States of America and the European Union.

AI Pact - a voluntary pre-signup to the AI act before all conditions come into force