{"generatedAt":"2026-04-09T04:33:53.411Z","count":14,"documents":[{"id":"nis2","frameworkTag":"NIS2","shortName":"NIS2","officialTitle":"Directive (UE) 2022/2555","type":"Directive","summary":"NIS2 renforce la cybersecurite des entites essentielles et importantes avec des exigences de gouvernance, gestion des risques, notification d'incident et supervision.","scope":["Gouvernance cyber au niveau direction","Mesures minimales de securite et gestion des tiers","Obligations de notification d'incident"],"fireUsage":["Qualification de perimetre et obligations","Scoring des mesures de gestion du risque","Generation de plan de remediation priorise"],"pdfPath":"/varden-auditor/docs/regulations/nis2.pdf","pdfUrl":"https://localhost:3001/varden-auditor/docs/regulations/nis2.pdf"},{"id":"dora","frameworkTag":"DORA","shortName":"DORA","officialTitle":"Reglement (UE) 2022/2554","type":"Reglement","summary":"DORA impose une resilience operationnelle numerique robuste au secteur financier, avec gouvernance ICT, tests de resilience et gestion des risques fournisseurs ICT.","scope":["Cadre de gestion du risque ICT","Gestion et declaration des incidents ICT","Tests de resilience operationnelle (dont avances)"],"fireUsage":["Assessments resilience operationnelle","Suivi des incidents et delais de reprise","Pilotage du risque concentration fournisseurs"],"pdfPath":"/varden-auditor/docs/regulations/dora.pdf","pdfUrl":"https://localhost:3001/varden-auditor/docs/regulations/dora.pdf"},{"id":"cer","frameworkTag":"CER","shortName":"CER","officialTitle":"Directive (UE) 2022/2557","type":"Directive","summary":"CER traite la resilience des entites critiques face aux menaces physiques et hybrides, avec analyse de risques, mesures de protection et continuite des services essentiels.","scope":["Identification des entites critiques","Evaluation des risques multisources","Plans de resilience et continuite"],"fireUsage":["Evaluation de continuite metier","Indicateurs de resilience 
interdependances","Rapports de preparation et stress tests"],"pdfPath":"/varden-auditor/docs/regulations/cer.pdf","pdfUrl":"https://localhost:3001/varden-auditor/docs/regulations/cer.pdf"},{"id":"cra","frameworkTag":"CRA","shortName":"CRA","officialTitle":"Reglement (UE) 2024/2847","type":"Reglement","summary":"Le Cyber Resilience Act introduit des exigences de securite pour les produits avec elements numeriques sur tout leur cycle de vie, incluant traitement des vulnerabilites.","scope":["Security by design/by default","Gestion des vulnerabilites et mises a jour","Obligations de transparence et signalement"],"fireUsage":["KPI patching et vulnerabilites critiques","Suivi des delais de correction","Trajectoire de conformite produit"],"pdfPath":"/varden-auditor/docs/regulations/cra.pdf","pdfUrl":"https://localhost:3001/varden-auditor/docs/regulations/cra.pdf"},{"id":"rgpd","frameworkTag":"RGPD","shortName":"RGPD","officialTitle":"Reglement (UE) 2016/679","type":"Reglement","summary":"Le RGPD encadre le traitement des donnees personnelles, impose responsabilite, securite adequate, droits des personnes et notification des violations.","scope":["Base legale et responsabilite du traitement","Droits des personnes concernees","Securite des traitements et gestion des violations"],"fireUsage":["Evaluation privacy by design et gouvernance","Suivi des violations et delais de notification","Plan d'amelioration registre + mesures techniques"],"pdfPath":"/varden-auditor/docs/regulations/rgpd.pdf","pdfUrl":"https://localhost:3001/varden-auditor/docs/regulations/rgpd.pdf"},{"id":"data-act","frameworkTag":"DATA_ACT","shortName":"Data Act","officialTitle":"Reglement (UE) 2023/2854","type":"Reglement","summary":"Le Data Act organise l'acces et le partage de donnees, notamment issues d'objets connectes, et encadre l'equite contractuelle, l'interoperabilite et le changement de fournisseur cloud.","scope":["Acces et portabilite des donnees","Conditions de partage 
B2B/B2G","Interoperabilite et switching cloud"],"fireUsage":["Evaluation dependance fournisseur cloud","Indicateurs de reversibilite et portabilite","Rapport de maturite gouvernance data"],"pdfPath":"/varden-auditor/docs/regulations/data-act.pdf","pdfUrl":"https://localhost:3001/varden-auditor/docs/regulations/data-act.pdf"},{"id":"dga","frameworkTag":"DATA_GOVERNANCE_ACT","shortName":"Data Governance Act","officialTitle":"Reglement (UE) 2022/868","type":"Reglement","summary":"Le Data Governance Act met en place des mecanismes de confiance pour le partage de donnees, avec intermediaires de donnees, reutilisation de certaines donnees publiques et data altruism.","scope":["Cadre de partage de donnees de confiance","Intermediaires et obligations de neutralite","Mecanismes de gouvernance europeens"],"fireUsage":["Assessment gouvernance data inter-organisation","Evaluation des controles de confiance","Preparation des usages data mutualises"],"pdfPath":"/varden-auditor/docs/regulations/data-governance-act.pdf","pdfUrl":"https://localhost:3001/varden-auditor/docs/regulations/data-governance-act.pdf"},{"id":"eidas","frameworkTag":"EIDAS","shortName":"eIDAS","officialTitle":"Reglement (UE) 910/2014 (et evolutions eIDAS 2.0)","type":"Reglement","summary":"eIDAS encadre l'identite electronique et les services de confiance (signature, cachet, horodatage, etc.) 
pour des transactions numeriques fiables dans l'UE.","scope":["Identification electronique transfrontaliere","Services de confiance qualifies","Integrite et non-repudiation des echanges"],"fireUsage":["Evaluation identite et preuves numeriques","Maturite des controles de confiance","Trajectoire de conformite trust services"],"pdfPath":"/varden-auditor/docs/regulations/eidas.pdf","pdfUrl":"https://localhost:3001/varden-auditor/docs/regulations/eidas.pdf"},{"id":"cybersecurity-act","frameworkTag":"CYBERSECURITY_ACT","shortName":"Cybersecurity Act","officialTitle":"Reglement (UE) 2019/881","type":"Reglement","summary":"Le Cybersecurity Act renforce le role de l'ENISA et etablit un cadre europeen de certification cybersecurite pour produits, services et processus ICT.","scope":["Cadre de certification cybersecurite UE","Niveaux d'assurance et schemes","Appui institutionnel via ENISA"],"fireUsage":["Assessment maturite assurance/certification","KPI de couverture de certification","Rapport d'alignement exigences de confiance"],"pdfPath":"/varden-auditor/docs/regulations/cybersecurity-act.pdf","pdfUrl":"https://localhost:3001/varden-auditor/docs/regulations/cybersecurity-act.pdf"},{"id":"ai-act","frameworkTag":"AI_ACT","shortName":"AI Act","officialTitle":"Reglement europeen sur l'intelligence artificielle (AI Act)","type":"Reglement","summary":"L'AI Act introduit une approche par niveau de risque des systemes d'IA, avec interdictions, obligations renforcees pour les systemes a haut risque et exigences de transparence.","scope":["Classification des systemes d'IA par risque","Obligations providers/deployers","Gouvernance, documentation et supervision humaine"],"fireUsage":["Qualification des usages IA de l'organisation","Assessments de conformite IA et tracabilite","Rapports de risques et plans de mise en 
conformite"],"pdfPath":"/varden-auditor/docs/regulations/ai-act.pdf","pdfUrl":"https://localhost:3001/varden-auditor/docs/regulations/ai-act.pdf"},{"id":"eucc","frameworkTag":"EUCC","shortName":"EUCC","officialTitle":"Schema europeen EUCC (Common Criteria-based)","type":"Schema","summary":"EUCC structure la certification cyber des produits/services ICT selon une approche Common Criteria. Il renforce la confiance et la comparabilite des niveaux d'assurance.","scope":["Parcours de certification cyber produit/service","Niveaux d'assurance et exigences d'evaluation","Articulation avec les attentes Cybersecurity Act"],"fireUsage":["Qualification des produits a certifier","KPI readiness de certification","Alignement des preuves techniques et documentaires"],"pdfPath":"https://www.enisa.europa.eu/topics/cybersecurity-certification/european-cybersecurity-certification-schemes-in-detail","pdfUrl":"https://www.enisa.europa.eu/topics/cybersecurity-certification/european-cybersecurity-certification-schemes-in-detail"},{"id":"eba-ict","frameworkTag":"EBA_ICT","shortName":"EBA ICT Guidelines","officialTitle":"EBA/GL/2019/04 - Guidelines on ICT and Security Risk Management","type":"Guide","summary":"Les lignes directrices EBA renforcent la gouvernance ICT, la maitrise des risques de securite et la supervision des dispositifs numeriques dans le secteur bancaire.","scope":["Gouvernance ICT et responsabilites direction","Gestion du risque securite et continuite","Maitrise des risques d'outsourcing et de dependance"],"fireUsage":["Evaluation prudentielle bancaire complementaire a DORA","Scoring de maturite gouvernance ICT","Plan d'actions priorise pour les exigences 
superviseur"],"pdfPath":"https://www.eba.europa.eu/regulation-and-policy/internal-governance/guidelines-on-ict-and-security-risk-management","pdfUrl":"https://www.eba.europa.eu/regulation-and-policy/internal-governance/guidelines-on-ict-and-security-risk-management"},{"id":"eiopa-cloud-outsourcing","frameworkTag":"EIOPA_CLOUD","shortName":"EIOPA Cloud Outsourcing","officialTitle":"EIOPA Guidelines on outsourcing to cloud service providers","type":"Guide","summary":"Les guidelines EIOPA cadrent l'outsourcing cloud dans l'assurance: gouvernance, due diligence, clauses contractuelles, supervision continue et strategie de sortie.","scope":["Cadre de gouvernance de l'outsourcing cloud","Exigences contractuelles, audit et controle","Reversibilite et gestion de concentration des risques"],"fireUsage":["Assessments cloud/tiers secteur assurance","KPI de supervision fournisseurs cloud","Plans de remediations orientes conformite prudentielle"],"pdfPath":"https://www.eiopa.europa.eu/publications/guidelines-outsourcing-cloud-service-providers_en","pdfUrl":"https://www.eiopa.europa.eu/publications/guidelines-outsourcing-cloud-service-providers_en"},{"id":"nbb-fsma-circulars","frameworkTag":"NBB_FSMA","shortName":"Circulaires NBB/FSMA","officialTitle":"Circulaires prudentielles belges (NBB et FSMA) selon perimetre","type":"Circulaire","summary":"Les circulaires NBB/FSMA precisent des attentes nationales de gouvernance, securite, outsourcing et continuite pour les acteurs supervises en Belgique.","scope":["Attentes nationales complementaires aux textes UE","Precisions de supervision sur ICT, risque et controle","Exigences de documentation et de preuve en audit"],"fireUsage":["Localisation Belgique des assessments reglementaires","Adaptation des plans de remediation au superviseur local","Consolidation des preuves pour revues prudentielles"],"pdfPath":"https://www.nbb.be/fr/supervision-financiere","pdfUrl":"https://www.nbb.be/fr/supervision-financiere"}]}