Springlex presents tech and finance legislation from the EU in an accessible and navigable format – for a better legal research experience.
Packages
Cyber resilience for products with digital elements (“CRA”)
Consumer protection legislation mandating certain essential cybersecurity requirements for products with digital elements and their manufacturers in order to get a CE marking in the EU.
1
legal acts
View acts
Basic legislative acts
High common level of cybersecurity for entities (“NIS 2”)
Horisontal legislation to achieve a high common level of cybersecurity for services, establishing national capabilities, cooperation at a EU level, and risk-management measures for entities.
2
legal acts
View acts
Digital operational resilience in the financial sector (“DORA”)
Comprehensive legislation on various cyber security topics including an oversight framework for service providers, applies to nearly all types of financial entities in the EU.
13
legal acts
View acts
Basic legislative acts
ICT risk management
ICT-related incidents
- Commission Delegated Regulation (EU) 2025/301 RTS on incident reporting
- Commission Delegated Regulation (EU) 2024/1772 RTS on incident classification
- Commission Implementing Regulation (EU) 2025/302 ITS on templates for incident reporting
Digital operational resilience testing
ICT third-party service providers
- Commission Delegated Regulation (EU) 2024/1773 RTS on ICT third-party service provider policy
- Commission Delegated Regulation (EU) 2025/532 RTS on subcontracting ICT services
- Commission Implementing Regulation (EU) 2024/2956 ITS on register of information
Oversight framework