Governance: Difference between revisions
No edit summary |
|||
| (14 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
== Legal requirements in the EU == | == Legal requirements in the EU == | ||
[[ePrivacy Directive (cookie law) - EPD]] - NB will be replaced by ePrivacy Regulation | [[ePrivacy Directive (cookie law) - EPD]] - NB will be replaced by ePrivacy Regulation Also see https://business.gov.nl/regulation/cookies/#art:no-consent-required | ||
[[ePrivacy Regulation]] | [[ePrivacy Regulation]] | ||
| Line 6: | Line 6: | ||
[[General Data Protection Regulation GDPR]] - privacy | [[General Data Protection Regulation GDPR]] - privacy | ||
== | [https://digital-strategy.ec.europa.eu/en/policies/nis2-directive NIS2] - EU Cybersecurity rules. [https://www.nis-2-directive.com/NIS_2_Directive_Articles.html Articles in a more readable format] (set up by cyber risk gmbh) | ||
[https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act Cyber Resilience Act (CRA)] - mandatory cybersecurity requirements for manufacturers + retailers | |||
European Data Act | |||
Liability for Defective Products | |||
AI Act | |||
[https://finance.ec.europa.eu/capital-markets-union-and-financial-markets/company-reporting-and-auditing/company-reporting/corporate-sustainability-reporting_en Corporate Sustainability Reporting Directive (CSRD)] - only large and listed companies | |||
== National legal requirements to think of == | |||
[[Archive laws]] | [[Archive laws]] | ||
== Certifications == | [https://www.gov.uk/government/publications/online-safety-act-explainer/online-safety-act-explainer UK Online Safety Act] | ||
== International Certifications == | |||
[[ISO 9001]] - quality management systems | [[ISO 9001]] - quality management systems | ||
[[ISO/IEC 27001]] (EU and rest of world) / SOC2 (North America) | [[ISO/IEC 27001]] (EU and rest of world) / SOC2 (North America) - how to protect your data | ||
[[ISO/IEC 27002]] - how to handle access to data and incident response | |||
[[UK NCSC CRA]] - UK’s National Cyber Security Centre Cyber Resilience Audit which assures providers who can conduct independent Cyber Assessment Framework (CAF) based audits | |||
[https://www.nist.gov/cyberframework NIST Cybersecurity Framework 2.0 (CSF)] - US version of NIS2 | |||
== Local Certifications == | |||
[https://www.thuiswinkel.org/ Thuiswinkel.org] - for webshops | |||
== EU Standards == | |||
[https://www.etsi.org/ ETSI] - globally applicable standards for ICT-enabled systems, applications and services deployed across all sectors of industry and society | |||
[https://www.cencenelec.eu/european-standardization/european-standards/ CEN / CENELEC] | |||
Pentesting - oddly enough, there is no standard really | |||
== International Pacts / Agreements == | |||
G7 Hiroshima AI Process | |||
[https://www.coe.int/en/web/portal/-/council-of-europe-opens-first-ever-global-treaty-on-ai-for-signature AI Treaty] / Framework Convention on artificial intelligence and human rights, democracy, and the rule of law ([https://www.coe.int/en/web/conventions/full-list?module=treaty-detail&treatynum=225 CETS No. 225]). signed by Andorra, Georgia, Iceland, Norway, the Republic of Moldova, San Marino, the United Kingdom as well as Israel, the United States of America and the European Union. | |||
[https://digital-strategy.ec.europa.eu/en/policies/ai-pact AI Pact] - a voluntary pre-signup to the AI act before all conditions come into force | |||
Latest revision as of 07:49, 23 January 2025
Legal requirements in the EU
ePrivacy Directive (cookie law) - EPD - NB will be replaced by ePrivacy Regulation Also see https://business.gov.nl/regulation/cookies/#art:no-consent-required
General Data Protection Regulation GDPR - privacy
NIS2 - EU Cybersecurity rules. Articles in a more readable format (set up by cyber risk gmbh)
Cyber Resilience Act (CRA) - mandatory cybersecurity requirements for manufacturers + retailers
European Data Act
Liability for Defective Products
AI Act
Corporate Sustainability Reporting Directive (CSRD) - only large and listed companies
National legal requirements to think of
International Certifications
ISO 9001 - quality management systems
ISO/IEC 27001 (EU and rest of world) / SOC2 (North America) - how to protect your data
ISO/IEC 27002 - how to handle access to data and incident response
UK NCSC CRA - UK’s National Cyber Security Centre Cyber Resilience Audit which assures providers who can conduct independent Cyber Assessment Framework (CAF) based audits
NIST Cybersecurity Framework 2.0 (CSF) - US version of NIS2
Local Certifications
Thuiswinkel.org - for webshops
EU Standards
ETSI - globally applicable standards for ICT-enabled systems, applications and services deployed across all sectors of industry and society
Pentesting - oddly enough, there is no standard really
International Pacts / Agreements
G7 Hiroshima AI Process
AI Treaty / Framework Convention on artificial intelligence and human rights, democracy, and the rule of law (CETS No. 225). signed by Andorra, Georgia, Iceland, Norway, the Republic of Moldova, San Marino, the United Kingdom as well as Israel, the United States of America and the European Union.
AI Pact - a voluntary pre-signup to the AI act before all conditions come into force