Helping you navigate the global cyber regulatory landscape

Cybersecurity regulation insights


In today’s interconnected world, an organisation’s cybersecurity posture can directly impact national security, critical infrastructure, and the global economy. Cyber regulations serve as guardrails to help businesses stay resilient and limit disruption when attacked.

Compliance with these regulations remains an important consideration for cybersecurity investment. According to PwC’s 2026 Global Digital Trust Insights survey, 31% of executives rank compliance in the top three areas influencing their cyber spend priorities over the next 12 months. About as many (30%) rank cyber governance, risk and compliance (GRC) in the top three areas where they’re prioritising agentic AI to increase efficiency over the same period.

Moreover, the challenges of compliance can dissuade companies from doing business in countries where certain regulations apply. Over one-third of executives said regulations governing third-party risk management, AI risk management, and tech product cybersecurity pose the greatest barrier to doing business in countries that have them.

Our insights from across the globe explore how organisations can navigate these requirements, detail key mandates in various regions, and examine future trends with guidance on how to prepare.


Explore insights on the latest cybersecurity regulations

With the European Union’s commitment to digital sovereignty and resilience, cyber regulation in Europe continuously adapts to new threats and technological advancements. Compliance with European cyber regulations is essential for safeguarding personal data and critical infrastructure, as well as maintaining trust and credibility in the digital marketplace.

In Europe, cybersecurity regulation is rapidly evolving to address the complex threats posed by digitalisation. The European Union Agency for Cybersecurity (ENISA) plays a central role in supporting EU Member States in implementing and enforcing cyber regulations, providing guidance, expertise, and cooperation opportunities.

The emerging regulatory environment includes regulations such as NIS2, DORA, the Cyber Resilience Act and the AI Act. While this introduces a complex regulatory environment, especially when combined with US and APAC regulations, the guardrails that regulators put up can give organisations added confidence to explore, experiment, invent and compete. A new era of transparency and collaboration is on the horizon with public disclosure of cyber incidents and cyber practices. There will be increased responsibility placed on board members.


Cyber regulation in the Americas encompasses a wide range of laws to address growing cyber threat challenges, protect individual privacy, and safeguard organisational security in the digital realm.

In the United States, key federal regulations governing cyber compliance and reporting include the SEC cyber disclosure rule, the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), the North American Electric Reliability Corporation Critical Infrastructure Protection plan (NERC CIP) and TSA security directives 1 and 2. At the state level, the New York Department of Financial Services (NYSDFS) Part 500 cyber regulation and the California Consumer Privacy Act (CCPA) regulations have been among the most influential.

In Canada, both privacy and cybersecurity regulations have been undergoing changes. Currently, privacy regulations such as the Personal Information Protection and Electronic Documents Act (PIPEDA) set out rules for the collection, use, and disclosure of personal information at a national level, while the provinces have established their own requirements. Cybersecurity regulations are defined by sector, and regulators such as OSFI continue to focus on topics like third-party risk management, resilience, insider risk and foreign interference, proactive risk management and breach reporting.

In Latin America, countries like Brazil, Mexico, and Argentina have enacted comprehensive data protection laws inspired by the European Union’s General Data Protection Regulation (GDPR). These laws establish principles for the processing of personal data, grant individuals certain rights over their data, and impose obligations on organisations to protect personal information.


With the rapid advancement of technology, and the increasing interconnectedness of societies, countries in the Asia Pacific region have recognised the need for robust cyber regulations to protect against cybercrime, data breaches and other malicious activities. These regulations are designed to establish clear guidelines for the collection, use and protection of personal data, as well as promote cybersecurity best practices across various sectors. Examples include Australia’s Privacy Act, Singapore’s Personal Data Protection Act and the Cybersecurity Act.

Each country in the region has implemented its own set of laws and regulations to safeguard digital assets and ensure the trust and confidence of individuals and businesses in the online environment. By staying at the forefront of cyber regulation, the Asia Pacific region is actively working towards creating a secure and resilient digital ecosystem that fosters innovation and economic growth while mitigating the risks associated with cyber threats.


Global Cybersecurity Summit replays and insights

New world, new threats, new leadership: Are you cyber-ready? Explore session discussions and tactical takeaways from PwC's second virtual Global Cybersecurity Summit. All sessions are now available to watch on demand.


Global Cybersecurity & Privacy

Security at the epicentre of innovation.
