Cybersecurity regulation is tightening in Europe. Companies must act now to ensure compliance and seize the opportunity to improve their security posture. But understanding which of the growing number of regulations, directives or regulatory frameworks apply to organizations operating in Europe can be daunting. The DNV Cyber Regulation Compass informs the first steps of organizations' compliance planning efforts and indicates the likely relevance of NIS2, the AI Act, CER, CRA, DORA and IMO/IACS for an organization.

How it works

Answer a few simple questions about an organization’s business, sector, and operations, and the DNV Cyber Regulation Compass will provide guidance on which key cybersecurity regulations directives or regulatory frameworks could apply to the organization’s activities in Europe. The insights are based on a simple scoring mechanism which maps the provided information against requirements of NIS2, the AI Act, CER, CRA, DORA and IMO/IACS. 

The compass output is applicable on a European level, individual country specific adaptations are not included in the assessment.

Key benefits

Drawing on DNV Cyber’s expertise, the tool reflects the latest requirements that regulations, directives or regulatory frameworks pose on operators, suppliers, and distributors across sectors in Europe. The findings point to possible business compliance needs and support initial planning efforts.    

By identifying potentially overlapping regulatory demands, the compass can also point towards opportunities to tackle these demands together rather than duplicating tasks.