Compliance · By Country

60+ countries. 80+ frameworks. Pre-mapped.

Comprehensive coverage across six continents and the European Union. Every framework Safeguard supports, listed jurisdiction by jurisdiction — from federal mandates to sector regulators to data-protection authorities.

View by region Use case

60+

countries

80+

frameworks

All

regions

24/7

continuous evidence

Country-level granularity

Every country. Every framework.

Scroll through every jurisdiction Safeguard ships pre-mapped framework packs for. Each card lists the specific obligations Safeguard scanners, policies, and evidence collectors implement.

North America

Federal, state, and provincial frameworks across the US, Canada, and Mexico.

3 jurisdictions

United States

FedRAMP HIGH

CMMC L2 / L3

NIST SP 800-53 / 161 / 218

EO 14028

HIPAA

HITECH

FISMA

PCI-DSS

SOC 2

CCPA

CPRA

NYDFS

SOX

GLBA

CISA Directives

Canada

PIPEDA

Canadian Centre for Cyber Security baseline

Bill C-26 (Cyber Security Act)

CSE PROTECTED B / C

Quebec Law 25

Mexico

LFPDPPP

INE cybersecurity guidelines

European Union

Pan-EU regulation plus member-state-specific frameworks.

16 jurisdictions

Pan-EU

GDPR

NIS2

DORA

EU AI Act

EU CER

EU CRA

EU MDR / IVDR

EU Solvency II

ENISA TL

Germany

BSI IT-Grundschutz

BSI KRITIS

BAIT (banking)

VAIT (insurance)

KAIT

France

ANSSI RGS

ANSSI SecNumCloud

OIV

Netherlands

NCSC NL Baseline

BIO (government)

Italy

ACN cyber framework

Misure Minime AgID

Spain

ENS (Esquema Nacional de Seguridad)

Poland

KSC (cyber framework)

Ireland

NCSC IE NIS2 transposition

Belgium

CCB baseline

NIS2 transposition

Sweden

MSB framework

NIS2 transposition

Denmark

CFCS guidance

NIS2 transposition

Finland

Traficom Katakri

NIS2 transposition

Norway

NSM grunnprinsipper

Datatilsynet guidance

Austria

NISG transposition

DSG

Portugal

CNCS framework

Lei n.o 46/2018

Greece

NCSA framework

HDPA

United Kingdom

Post-Brexit UK frameworks across data protection, finance, and defence.

1 jurisdictions

United Kingdom

UK GDPR

NCSC CAF

PRA SS1/21

FCA SYSC

MOD JSP-440

MOD Cyber Essentials

NCSC Active Cyber Defence

India

Data protection, sector regulators, and critical-infrastructure rules.

1 jurisdictions

India

DPDP Act 2023

RBI Cybersecurity Framework

SEBI CSCRF

IFSCA Framework

CERT-In Directions 2022

STQC certification

DoT cybersecurity guidelines

DGCA

DGS

MeitY cyber guidelines

RBI PA-PG

NCIIPC Critical Information Infrastructure

Middle East

GCC and Levant frameworks — heavy emphasis on critical national infrastructure.

8 jurisdictions

Saudi Arabia

NCA OTCC

NCA ECC

NCA CCC

NCA TCC

NDMO

SAMA cyber framework

United Arab Emirates

NESA / SIA

UAE Federal Decree-Law No. 45/46

ADGM Data Protection

DIFC DP Law

Qatar

NIA

QFC DPA

Bahrain

Personal Data Protection Law

CBB cybersecurity framework

Kuwait

DCC cyber rules

Oman

ITA cyber framework

Jordan

NCSC framework

JoPDP

Egypt

NTRA cyber rules

Data Protection Law 2020

Asia-Pacific

Data protection, financial supervision, and AI rules across the world's fastest-moving region.

13 jurisdictions

Japan

APPI

METI cybersecurity

FSA cyber

Singapore

PDPA

MAS TRM

AI Verify

IM8

Australia

Privacy Act

ACSC Essential Eight

SOCI Act

APRA CPS 234

New Zealand

NZISM

Privacy Act 2020

South Korea

PIPA

KISA

K-ISMS-P

Korea AI Framework Act

China

GenAI Measures

DSL

PIPL

MLPS 2.0 — deployment requires sovereign tier

Hong Kong

PDPO

HKMA cyber framework

Taiwan

Cyber Security Management Act

NCC rules

Indonesia

PDP Law (UU PDP)

OJK cyber

Vietnam

Cybersecurity Law

DTP

Thailand

PDPA

BoT cyber

Malaysia

PDPA

BNM RMiT

Philippines

DPA

BSP cyber

Latin America

Data protection across LATAM with sector overlays for finance.

5 jurisdictions

Brazil

LGPD

BACEN Resolution 4658

ANPD

Argentina

PDPA

Chile

Personal Data Protection Law

CMF cyber

Colombia

Law 1581

SuperFinanciera

Peru

PDPA

Africa

Pan-African data-protection laws and central-bank cyber rules.

4 jurisdictions

South Africa

POPIA

SARB cyber

NCPF

Nigeria

NDPR

CBN cyber framework

Kenya

Data Protection Act

CBK cyber

Morocco

Law 09-08

CNDP

Cross-jurisdictional

Standards that travel everywhere.

Some frameworks span jurisdictions. Safeguard ships these as horizontal packs that satisfy multiple regulators at once.

ISO / IEC family

27001, 27002, 27017, 27017, 27018, 27019, 27034, 27036, 42001 — control mappings, evidence templates, and exception workflows for every certifiable surface.

NIST CSF / 800 family

CSF 2.0, SP 800-53, SP 800-161 (supply chain), SP 800-218 (SSDF), SP 800-190 (containers) — mapped to Safeguard findings, policies, and attestations.

SOC 2 / SOC 3

Trust Services Criteria — Security, Availability, Processing Integrity, Confidentiality, Privacy. Auditor-ready evidence packs out of the box.

CSA STAR

CCM, CAIQ, and STAR Level 1 / 2 alignment for cloud service providers — including continuous monitoring evidence.

Sector overlays

Sector-specific frameworks across regions.

Vertical stacks layered on top of national frameworks for regulated industries.

Banking

PCI-DSS

FFIEC

MAS TRM

BoE Operational Resilience

Healthcare

HIPAA

EU MDR

EU IVDR

FDA SaMD

Industrial

IEC 62443

NERC CIP

ISO 27019

Government

FedRAMP

NCSC CAF

STQC

NESA

Process

How we add a new country.

Five steps from regulator publication to a shipped framework pack with policies, evidence, and dashboards.

Capture the regulation

Source the authoritative text, the supervisor's guidance, and any associated technical standards.

Decompose into controls

Break each obligation into the smallest enforceable unit — a policy, an evidence requirement, a reporting trigger.

Map to platform signals

Tie each control to Safeguard scanners, policy gates, SBOM artefacts, attestations, and runtime telemetry.

Ship the framework pack

Publish the framework as a turnkey module — policies enabled, evidence wired, dashboards pre-built.

Watch the change feed

Track regulator updates and amendments; when a control changes, the pack updates automatically and customers get a diff.

Need a framework we have not listed?

Most new framework packs ship inside two weeks of a customer asking. Tell us the jurisdiction and the obligations, and we will scope the mapping with you.