
Overview of security standards, laws, regulations and directives

It is easy to get lost in all the different standards, laws, regulations and directives when it comes to security. This site describes the differences between them and gives an overview of the most common laws, directives, regulations and standards to know when working with information security.

Note

Not all legal frameworks and standards are relevant for every company. Each company must figure out which ones are relevant for it and how it should manage security within the organization.

What is the difference between a law, a directive, a regulation and a standard?

  • Law: Applies nationally, enacted by a national legislature, such as the Storting in Norway. It is binding for all citizens and organizations within a country.
  • Directive: Sets goals and provides guidance.
    • EU Directive: Sets goals for EU member states, which must create national laws to achieve the objectives.
    • National Directive: Sets goals and provides guidance, but is usually not legally binding unless transformed into laws or regulations.
  • Regulation: Applies directly in all EU countries without the need for national implementation.
  • Standard: A standard is a guideline or specification developed by organizations with expertise in a given area. Standards are not legally binding in the same way as laws, directives, or regulations, but they can be mandated through legislation or recognized as best practices in an industry.

Laws

Directive

Regulation

Standards and guidelines

Useful standards and guidelines