Cybersecurity regulation refers to legal measures and guidelines designed to protect networks, devices, programs, and data from digital attacks, theft, damage, or unauthorized access. These regulations impose standards, procedures, and responsibilities on individuals, organizations, and governments to ensure the confidentiality, integrity, and availability of digital information and systems.

A cybersecurity regulation comprises directives that safeguard information technology and computer systems with the purpose of forcing companies and organizations to protect their systems and information from cyberattacks like viruses, worms, Trojan horses, phishing, denial of service (DOS) attacks, unauthorized access (stealing intellectual property or confidential information) and control system attacks. - Cyber-security Regulation, Wikipedia

Note: This is an area of active current development.

See: the detailed Wikipedia article on Cyber-security regulation

Intersection With Open Source


  • Supply Chain Security

  • Arguably, the controls applied when contributing to open source should be no different from those applied when ingesting it. It is worth emphasising, however, that firms need to remain vigilant even when consuming their own open source software, and should apply the same level of care to it as they do to third-party code.

See Also:

Relevant Regulation

EU Examples

  • DORA: In the EU, the Digital Operational Resilience Act (DORA) includes measures to ensure that financial entities have secure and resilient software supply chains. This includes requirements for risk management, testing, incident reporting, and ICT third-party risk.

  • The Cyber Resilience Act (CRA) is a regulation proposed by the European Commission which outlines common cybersecurity standards for hardware and software products in the EU.

US Examples