Cybersecurity regulation insights

Helping you navigate the global cyber regulatory landscape

In today's interconnected world, regulators recognise organisations' direct impact on national security, public health and the global economy. Regulations serve as guardrails to help businesses stay resilient in the face of cybersecurity incidents to minimise disruption to operations.

Cyber regulations are proving to be a major driver for cybersecurity investment. Based on the 2025 Global Digital Trust Insights Survey, 96% of executives acknowledged that regulatory requirements have spurred them to enhance their security measures. Moreover, 78% believe that regulations have helped to challenge, improve or increase their cybersecurity posture. This indicates that, despite the difficulties of compliance, regulations are serving to further mature cybersecurity capabilities across industries.

Our insights from across the globe dive into the reasons for prioritising these regulations, detail key mandates in various regions and cover future trends with an eye toward how to prepare.

Explore insights on the latest cybersecurity regulations

With the European Union's commitment to digital sovereignty and resilience, cyber regulation in Europe continuously adapts to new threats and technological advancements. Compliance with European cyber regulations is essential for safeguarding personal data and critical infrastructure, as well as maintaining trust and credibility in the digital marketplace.

In Europe, cybersecurity regulation is rapidly evolving to address the complex threats posed by digitalisation. The European Union Agency for Cybersecurity (ENISA) plays a central role in supporting EU Member States in implementing and enforcing cyber regulations, providing guidance, expertise, and cooperation opportunities.

The emerging regulatory environment includes regulations such as NIS2, DORA, the Cyber Resilience Act and the AI Act. While this introduces a complex regulatory environment, especially when combined with US and APAC regulations, the guardrails that regulators put up can give organisations added confidence to explore, experiment, invent and compete. A new era of transparency and collaboration is on the horizon with public disclosure of cyber incidents and cyber practices. There will be increased responsibility placed on board members.

Cyber regulation in the Americas encompasses a wide range of laws to address growing cyber threat challenges, protect individual privacy, and safeguard organisational security in the digital realm.

In the United States, key federal regulations governing cyber compliance and reporting include the SEC cyber disclosure rule, the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), the North American Electric Reliability Corporation Critical Infrastructure Protection plan (NERC CIP) and TSA security directives 1 and 2. At the state level, the New York Department of Financial Services (NYSDFS) Part 500 cyber regulation and the California Consumer Privacy Act (CCPA) regulations have been among the most influential.

In Canada, both privacy and cybersecurity regulations have been undergoing changes. Currently, privacy regulations such as the Personal Information Protection and Electronic Documents Act (PIPEDA) set out rules for the collection, use, and disclosure of personal information at a national level, while the provinces have established their own requirements. Cybersecurity regulations are defined by sector, and regulators such as OSFI continue to focus on topics like third-party risk management, resilience, insider risk and foreign interference, proactive risk management and breach reporting.

In Latin America, countries like Brazil, Mexico, and Argentina have enacted comprehensive data protection laws inspired by the European Union's General Data Protection Regulation (GDPR). These laws establish principles for the processing of personal data, grant individuals certain rights over their data, and impose obligations on organisations to protect personal information.

With the rapid advancement of technology, and the increasing interconnectedness of societies, countries in the Asia Pacific region have recognised the need for robust cyber regulations to protect against cybercrime, data breaches and other malicious activities. These regulations are designed to establish clear guidelines for the collection, use and protection of personal data, as well as promote cybersecurity best practices across various sectors. Examples include Australia’s Privacy Act, Singapore's Personal Data Protection Act and the Cybersecurity Act.

Each country in the region has implemented its own set of laws and regulations to safeguard digital assets and ensure the trust and confidence of individuals and businesses in the online environment. By staying at the forefront of cyber regulation, the Asia Pacific region is actively working towards creating a secure and resilient digital ecosystem that fosters innovation and economic growth while mitigating the risks associated with cyber threats.

SEC’s new cyber disclosure rule

With the new SEC cyber disclosure rule, the SEC puts the onus on companies to give investors current, consistent and “decision-useful” information about how they manage their cyber risks.

Contact us

Sean Joyce

Partner, Global Cybersecurity and Privacy Leader, Risk Services leader, PwC US

Naren Kalyanaraman

Partner, Cybersecurity, Privacy and Financial Crime National Leader, PwC Canada

Grant Waterfall

EMEA Cybersecurity & Privacy Leader, PwC Germany

Tel: +49 170 1553647

Sean King

Partner, Cybersecurity and privacy, PwC Japan