AjaCertX · Regional Compliance

European Union

European Union Compliance

GDPR · NIS2 · EU AI Act · DORA · Cyber Resilience Act

The EU regulatory landscape is the most comprehensive in the world. GDPR, NIS2, EU AI Act and DORA collectively impose obligations on any organisation operating in or serving the European market. AjaCertX delivers structured compliance programmes across all EU regulatory frameworks.

GDPR Compliance Programme

End-to-end GDPR compliance covering data mapping, lawful basis, privacy notices, DPIA, consent and breach response — reducing regulatory exposure across EU operations.

NIS2 Directive Compliance

NIS2 compliance programme covering scope assessment, security measures, incident reporting obligations and supply chain security for essential and important entities.

EU AI Act Readiness & Compliance

EU AI Act compliance programme covering AI system risk classification, high-risk AI obligations, conformity assessment and governance framework design.

DORA — Digital Operational Resilience

DORA compliance support for financial entities — covering ICT risk management, incident reporting, digital operational resilience testing and third-party risk.

Cyber Resilience Act Readiness

EU Cyber Resilience Act readiness assessment for product manufacturers — covering cybersecurity requirements for connected products and software.

United States

United States Compliance

NIST CSF · CCPA · FedRAMP · CMMC · HIPAA

US compliance spans federal and state-level obligations across cyber, data privacy and sector-specific frameworks. AjaCertX delivers NIST CSF, CCPA, FedRAMP and CMMC programmes for organisations operating in or serving the US market.

NIST Cybersecurity Framework (CSF)

NIST CSF gap assessment, implementation roadmap and programme design — aligning your cyber security programme to the NIST Identify, Protect, Detect, Respond, Recover framework.

CCPA / CPRA Privacy Compliance

California Consumer Privacy Act and CPRA compliance programme covering consumer rights, data inventory, opt-out mechanisms and privacy policy obligations.

FedRAMP Authorisation Readiness

FedRAMP readiness assessment and authorisation programme support for cloud service providers seeking to serve US federal government agencies.

CMMC Compliance Support

Cybersecurity Maturity Model Certification (CMMC) compliance support for defence contractors and suppliers serving the US Department of Defense.

United Kingdom

United Kingdom Compliance

UK GDPR · Cyber Essentials · NCSC Guidelines · FCA / PRA

Post-Brexit, the UK operates its own data protection and cyber security regulatory framework. AjaCertX delivers UK GDPR, Cyber Essentials and NCSC-aligned compliance programmes for UK-based and UK-operating organisations.

UK GDPR Compliance Programme

UK GDPR compliance programme covering data protection obligations under the UK Data Protection Act 2018 for UK-based organisations post-Brexit.

Cyber Essentials & Cyber Essentials Plus

Cyber Essentials and Cyber Essentials Plus certification support — required for UK government contracts and demonstrating baseline cyber security controls.

NCSC Cyber Security Framework Alignment

Alignment to NCSC cyber security guidance and frameworks — building a proportionate, risk-based cyber security programme for UK organisations.

GCC — Gulf Cooperation Council

GCC Regional Cyber Compliance

Each GCC member state has its own national cyber security authority and regulatory framework. AjaCertX delivers compliance programmes across all six GCC jurisdictions — from Qatar NCSA and Saudi NCA ECC to UAE NESA and beyond.

Qatar NCSA Compliance

Qatar National Cyber Security Agency compliance programme covering NCSA framework requirements for organisations operating in Qatar.

Saudi Arabia NCA ECC Compliance

Saudi Arabia National Cybersecurity Authority — Essential Cybersecurity Controls (ECC) compliance programme for organisations operating in the Kingdom.

UAE NESA Compliance

UAE National Electronic Security Authority compliance programme covering UAE Information Assurance Standards for organisations operating in the UAE.

Bahrain NCSC Compliance

Bahrain National Cyber Security Centre compliance programme for organisations operating in Bahrain across financial services, technology and critical sectors.

Oman NCSI Compliance

Oman National Computer Emergency Response Team and Information Security compliance for organisations operating across Omani regulated sectors.

Kuwait CITRA Compliance

Kuwait Communications and Information Technology Regulatory Authority compliance programme for ICT and technology organisations operating in Kuwait.

India

India Compliance & Assurance

DPDP Act 2023 · CERT-In · RBI · SEBI · IRDAI · BIS · QCI · NABH · NABL · NCIIPC · CDSCO · Schedule M · MeitY · IT Act 2000

India has one of the world's most complex and rapidly evolving compliance landscapes — spanning data protection, cyber security, financial regulation, healthcare accreditation, product standards and pharmaceutical regulation. The Digital Personal Data Protection Act 2023 introduces obligations for all organisations processing Indian citizens' data. CERT-In six-hour incident reporting is active. BIS Scheme-X enforcement begins September 2026. Revised Schedule M GMP standards are in force. NABH 6th Edition hospital standards were published in January 2025. AjaCertX delivers practical, senior-led assurance across every domain of India's regulatory framework.

DPDP Act 2023 Compliance Programme

India's Digital Personal Data Protection Act 2023 introduces comprehensive obligations for data fiduciaries. Our programme covers data mapping, consent management, privacy notices, data localisation obligations, breach notification procedures and Data Protection Officer readiness — building a compliance framework that meets MeitY implementation rules.

CERT-In Compliance

CERT-In Directions 2022 mandate six-hour incident reporting, IT system audits, log retention and virtual asset service provider obligations. Our programme covers gap assessment against all CERT-In requirements, incident response procedure development, log management architecture review and preparation for CERT-In empanelled auditor assessments.

RBI / SEBI Cyber Security Framework

RBI's IT Framework, Cyber Security Framework for Banks and SEBI's Cyber Security and Cyber Resilience Framework impose sector-specific obligations on banks, NBFCs, payment system operators, stock exchanges and capital market intermediaries. Our programme delivers gap assessment, control implementation and audit readiness across both frameworks.

ISO Certification in India

AjaCertX supports Indian organisations through the complete ISO certification journey — gap analysis, management system implementation, internal audit programme and certification audit preparation. Standards covered: ISO 9001, ISO 14001, ISO 45001, ISO 27001, ISO 13485, ISO 42001, ISO 22301, IATF 16949 and AS/EN 9100.

BIS Certification Readiness

Bureau of Indian Standards certification is mandatory for an expanding range of product categories under Quality Control Orders. Our programme covers ISI Mark certification, Compulsory Registration Scheme (CRS) for electronics, Foreign Manufacturers Certification Scheme (FMCS) and Scheme-X compliance — mandatory from September 2026 for industrial and electrical products.

NABH Accreditation Readiness

National Accreditation Board for Hospitals & Healthcare Providers accreditation demonstrates a healthcare organisation's commitment to patient safety and quality. Our programme delivers gap assessment against NABH 6th Edition standards (January 2025), quality management system implementation, staff competence programmes, documentation development and pre-accreditation audit for hospitals, clinics and small healthcare organisations.

NABL Accreditation Readiness

National Accreditation Board for Testing and Calibration Laboratories accreditation against ISO/IEC 17025 is a prerequisite for laboratories supplying results to regulators, government bodies and international clients. Our programme covers quality management system implementation, technical competence assessment, measurement uncertainty review, method validation support, proficiency testing planning and pre-assessment gap audit.

CDSCO & Schedule M Compliance

Central Drugs Standard Control Organisation registration and revised Schedule M GMP compliance are mandatory for pharmaceutical manufacturers, medical device manufacturers and importers operating in India. Our programme covers Schedule M gap assessment, GMP system implementation, regulatory dossier support and CDSCO inspection readiness for domestic and international pharma organisations.

IRDAI Cyber Security Framework

The Insurance Regulatory and Development Authority of India's cyber security framework imposes obligations on insurance companies, third-party administrators and insurance intermediaries covering information security governance, vulnerability assessment, incident response and cyber risk reporting. Our programme delivers framework gap assessment, control implementation and regulatory audit readiness.

NCIIPC Critical Infrastructure Compliance

National Critical Information Infrastructure Protection Centre imposes obligations on organisations in critical sectors — energy, banking, telecom, transport and government — under the IT Act 2000 framework. Our programme covers critical information infrastructure designation assessment, protection plan development, security audit preparation and NCIIPC reporting obligations.

Regulatory Landscape

India's Compliance Framework by Domain

Data Protection
DPDP Act 2023 — Personal data obligations, consent, data fiduciary registration, breach notification within 72 hours.

IT Act 2000 (amended) — Sensitive personal data rules, intermediary liability, cyber offence provisions.
Cyber Security
CERT-In Directions 2022 — Six-hour incident reporting, mandatory IT audits, log retention, VASP obligations.

NCIIPC — Critical infrastructure protection, sector-specific security plans, mandatory reporting.
Financial Services
RBI — IT Framework, Cyber Security Framework for Banks, Business Continuity, Technology Risk Management.

SEBI / IRDAI — Cyber resilience framework, incident reporting, third-party risk, audit obligations.
Healthcare & Laboratories
NABH 6th Edition (2025) — Hospital accreditation standards for patient safety, quality management and clinical outcomes.

NABL / ISO 17025 — Testing and calibration laboratory accreditation under Quality Council of India.
Product Standards
BIS / QCO — ISI Mark, CRS for electronics, FMCS for foreign manufacturers, Scheme-X mandatory from September 2026.

QCI — Quality Council of India accreditation and conformity assessment programmes.
Pharmaceuticals & Medical Devices
Schedule M (Revised) — WHO-GMP aligned Good Manufacturing Practice standards — in force for all licensed manufacturers.

CDSCO — Drug licensing, medical device registration, import licences and regulatory dossier compliance.
Why Act Now

India's Compliance Deadlines Are Active

DPDP Act 2026
Implementation rules expected 2026. Organisations must establish compliance frameworks before rules are notified — preparation must begin now.
BIS Scheme-X — September 2026
Mandatory BIS certification for industrial and electrical products. Certification timelines of 6–9 months mean applications must be submitted immediately.
Schedule M — In Force
Revised GMP standards are in force for all licensed manufacturers. Non-compliant facilities face licence cancellation. Gap assessment is the urgent first step.
CERT-In — Active
Six-hour incident reporting is a live obligation. Non-reporting attracts penalties. Incident response plans must be in place before an incident occurs.
NABH 6th Edition — 2025
New hospital accreditation standards published January 2025. Healthcare organisations seeking or renewing NABH accreditation must assess against the updated framework.
ISO 27001:2022 Transition
Organisations holding ISO 27001:2013 certificates must transition to the 2022 version. India's rapidly growing tech and financial sector is driving strong certification demand.
Singapore

Singapore Compliance

MAS Technology Risk Management, PDPA and CSA Cybersecurity Act compliance programmes for financial institutions and technology organisations operating in Singapore.

MAS Technology Risk Management (TRM)

MAS TRM Guidelines compliance programme covering IT risk governance, system resilience, access controls, incident management and third-party risk for Singapore financial institutions.

PDPA Compliance Programme

Singapore Personal Data Protection Act compliance programme covering data protection obligations, consent, transfer limitation and breach notification requirements.

CSA Cybersecurity Act Compliance

Singapore Cybersecurity Act compliance support for critical information infrastructure owners and cybersecurity service providers operating in Singapore.

Our Approach

How AjaCertX Works With You

A structured engagement methodology — from initial assessment through to ongoing governance and continual improvement.

Step 01
Scope

We identify which regional regulatory frameworks apply to your organisation — based on where you operate, where your data is processed and where your customers are located.

Step 02
Gap Assessment

Structured gap assessment against applicable regional regulations — identifying control gaps, documentation requirements and compliance obligations.

Step 03
Roadmap

Prioritised compliance roadmap with milestones, resource requirements and timeline — aligned to regulatory deadlines and your operational constraints.

Step 04
Implementation

Hands-on implementation support — covering policy design, control implementation, training and regulatory notification where required.

Step 05
Evidence & Audit

Evidence packaging and audit trail development — ensuring your compliance programme withstands regulatory scrutiny and third-party assessment.

Step 06
Monitor

Ongoing regulatory change monitoring — alerting you to new obligations, amended requirements and enforcement trends across your target markets.

Insights & Resources

Knowledge For Your Team

Whitepaper
Regional Cyber Compliance 2025: What Organisations Operating Across Multiple Markets Must Do Now

How to manage overlapping regional cyber and data protection obligations — from GDPR and NIS2 to GCC frameworks, DPDP Act and MAS TRM.

Guide
GCC Cyber Compliance Guide: Qatar NCSA, Saudi NCA ECC, UAE NESA and Beyond

Practical guide to navigating GCC cyber security regulatory frameworks across all six GCC member states.

Article
EU AI Act vs India DPDP Act vs Singapore PDPA: Key Differences for Global Organisations

How three major data and AI regulatory frameworks compare — and what organisations operating across all three jurisdictions must prioritise.

Webinar
GCC Cyber Compliance 2026 — Live Q&A for Technology Organisations

Our regional compliance specialists walk through GCC cyber framework requirements with live Q&A.

Operating across multiple markets? We cover every region.