Benefit from a curated overview of PKI-relevant EU and global frameworks.
The European framework for electronic identification and trust services, establishing standards for digital signatures, seals, timestamps, and website authentication certificates.
The General Data Protection Regulation mandates robust data protection measures, where PKI and certificate management play a critical role in ensuring encrypted communications and data integrity.
The Digital Operational Resilience Act sets requirements for ICT risk management in the financial sector, including cryptographic key management and certificate governance.
New horizontal cybersecurity requirements for products with digital elements, imposing secure-by-design obligations including certificate and cryptographic material management.
Establishes the ENISA cybersecurity certification framework for ICT products, services, and processes. Supports certification posture management and compliance with EUCC schemes.
Strengthened cybersecurity obligations for essential and important entities across the EU, with expanded scope covering certificate management and PKI infrastructure.
The Payment Services Directive mandates QWACs and Qualified Seals for payment service providers and TPPs, requiring robust PKI for secure open banking APIs.
The Critical Entities Resilience Directive complements NIS2 for physical and cyber resilience of critical entities, requiring certificate-based access control for critical infrastructure.
The EUDI Wallet framework extends eIDAS 2.0, creating massive PKI demand for wallet credential issuance at scale — from qualified electronic attestations to person identification data.
The Référentiel Général de Sécurité defines security requirements for French public administration information systems, mandating ANSSI-accredited certificates for government services.
The Loi de Programmation Militaire imposes strict security obligations on Operators of Vital Importance (OIV), including cryptographic controls and certificate management for critical national infrastructure.
Germany's IT Security Act and BSI standards require KRITIS operators to implement robust cryptographic controls. BSI TR-03145 governs CA operations and certificate management.
Spain's Esquema Nacional de Seguridad establishes digital certificate requirements for e-government services, mandating certificate inventory and lifecycle management at Medium and High assurance levels.
Italy's National Cybersecurity Perimeter mandates PKI-based access control and certificate-based authentication for strategic organizations operating within the national cyber perimeter.
The gold standard for information security management systems, with specific controls for cryptographic key management and certificate governance across organizations.
The dedicated PKI certificate lifecycle management standard, directly mapping to discovery, governance, and automation workflows for certificate operations.
Payment Card Industry Data Security Standard requires strict certificate lifecycle management for securing cardholder data environments and encrypted communications.
Service Organization Control audit framework requiring demonstrable key lifecycle management, certificate rotation policies, HSM usage, and comprehensive audit logging.
European standards (EN 319 401, 411, 412) defining general policy and security requirements for Trust Service Providers, governing PKI operations, qualified certificate issuance, and TSP compliance.
From encrypting sensitive data to authenticating digital identities, certificates are the foundational layer that enables regulatory compliance. As regulations multiply and tighten, managing your PKI infrastructure becomes a strategic imperative — not just a technical task.
Our team of PKI and compliance experts can help you understand regulatory requirements and implement the right certificate management strategy.