Skip to content
Home / Authority

Regulator

While agencies draft the technical standards and governments pass broad legislation, regulators serve as the specialized “boots on the ground” that interpret and enforce these rules within specific sectors. Their primary role in 2026 is to ensure operational accountability by conducting audits, managing mandatory incident disclosures, and issuing penalties for non-compliance. Unlike agencies, which focus on guidance, regulators like the SEC, BaFin, or the FCC have the authority to halt business operations or impose significant fines. Regulators have moved toward “threat-led” supervision—actively testing an organization’s resilience through simulated attacks and requiring boards of directors to prove they have “cyber literacy” as part of their fiduciary duty.

Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (Final Rule; Release No. 33-11216)

This regulation requires public companies to enhance and standardize their disclosures regarding cybersecurity to provide investors with more consistent and decision-useful information. It mandates two primary types of reporting: the… Read More »Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (Final Rule; Release No. 33-11216)

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) establishes a comprehensive cybersecurity framework designed to protect electronic protected health information (ePHI) within healthcare organizations. Central to HIPAA’s cybersecurity… Read More »Health Insurance Portability and Accountability Act of 1996 (HIPAA)