Navigating the regulatory compliance landscape can be overwhelming and challenging. Ensure compliance within the laws, guidelines and agreements governing your organization with the right regulatory compliance software.
Regulatory compliance is more challenging than ever. Industry-specific laws like Sarbanes-Oxley, and regulators such as the FDA and OSHA keep businesses in check – but keeping up with constant changes is a significant risk.
Compliance now touches more business processes than ever before, with many designed to meet regulations and improve workplace safety. Disconnected regulatory solutions create duplicate efforts, inefficiencies and higher costs while blurring your view of organizational risk.
NAVEX simplifies compliance. With software to help you stay ahead of evolving regulations, you can focus on confidently running your business.
The table below highlights key global GRC regulations our customers seek guidance on, and our experts find most critical. While this list isn’t exhaustive, it is a valuable resource for understanding major compliance requirements.
Most regulations require a mix of training, whistleblowing systems, policies and other measures to ensure full compliance. With NAVEX One GRC software, you can access everything you need in one comprehensive platform.
This information is for educational purposes only and does not constitute legal advice. For details specific to your organization, consult legal representation.
At NAVEX, we understand the complexities of regulatory compliance and are here to help. Here you’ll find regulatory compliance requirements and recommendations for some of the most impactful legislation worldwide.
| Regulation | Description | Jurisdiction | Company Size | Industry | Focus | Regulation | ||
|---|---|---|---|---|---|---|---|---|
| CCPA - California Consumer Privacy Act | Enhances privacy rights and consumer protection for residents of the state of California. It gives consumers more control over the personal information that businesses collect about them. | California | - | All | Data Privacy & Cybersecurity | |||
| CPRA | Data privacy law that creates mechanisms to allow California residents to exercise rights. | California | All | Data Privacy & Cybersecurity | ||||
| California SB 553 | Violence protection requirements for any company headquartered in California – or with a location in California employing 10 or more people. | California | All | Harassment, discrimination & retaliation | ||||
| Crimes Legislation Amendment (Combatting Foreign Bribery) Act 2024 | Legal framework penalizing bribery of foreign officials. "Adequate procedures" defense. | Australia | All | Fraud, bribery & corruption | ||||
| DOJ Corporate Guidance | Addresses DOJ Guidance on corporate compliance programs. It is about how to assess the strength and quality of a company's corporate compliance program. | United States | All | Employee Compliance | ||||
| DORA | Universal framework for managing and mitigating information and communications technology (ICT) risk in the financial sector. | Global | Financial Services | Data Privacy & Cybersecurity | ||||
| EU AI Act | First-ever AI legal framework. AI inventory and repository, classify/scope AI use cases, AI strategy and governance programme, audits and controls. | European Union | All | Data Privacy & Cybersecurity | ||||
| EU Whistleblower Directive | Ensures anonymous, secure, responsive, whistleblowing systems and processes for employees. It also provide robust protection from retaliation for individuals who report breaches of EU law. | European Union | All | Whistleblowing & Incident Management | ||||
| FCPA | Identify, track and manage risks and liabilities associated with Foreign Corrupt Practices Act (FCPA). | United States | All | Fraud, bribery & corruption | ||||
| Fair Employment and Housing Act (FEHA) | Provides protection from harassment or discrimination in employment because of: age (40 and over), ancestry, color, creed, denial of family and medical care. | United States | All | Harassment, discrimination & retaliation | ||||
| Fair Work Act 2009 | "All reasonable steps" liability mitigation doctrine against workplace sexual harassment. | Australia | All | Harassment, discrimination & retaliation | ||||
| French Labor Code | Labor law that governs work and labor relations in France. It ensures that full-time employees working a 35-hour week are entitled to a minimum of five weeks of paid leave annually. | France | All | Labor Laws & Regulations | ||||
| GDPR | Sets guidelines for the collection and processing of personal information from individuals who live in and out of the European Union (EU). | European Union | All | Data Privacy & Cybersecurity | ||||
| German Supply Chain Act (LkSG) | Address complex requirements across supply chains to ensure a unified protection of human rights. | Germany | All | Supply Chain | ||||
| HIPAA | Stringent privacy and security requirements around healthcare insurance portability and accountability. | United States | Healthcare | Data Privacy & Cybersecurity | ||||
| ISO 27001 | An international standard to manage information security. Companies must install an effective organization ISO 27001 program to continuously monitor and evolve ISMS. | Global | All | Data Privacy & Cybersecurity | ||||
| NERC CIP | Requirements to control cyber assets and infrastructure, such as electronic security perimeters, as well as physical assets. | United States | All | Data Privacy & Cybersecurity | ||||
| NIS2 | Staying secure, resilient and aligned with cybersecurity regulations. It establishes a unified legal framework to uphold cybersecurity in 18 critical sectors across the EU. | European Union | - | All | Data Privacy & Cybersecurity | |||
| NIST CSF | Risk-based cybersecurity framework used to internationally to provide a foundation for managing cybersecurity risk. | Global | All | Data Privacy & Cybersecurity | ||||
| NYDFS | New York financial services firms must comply with 23 NYCRR 500, a regulation from the New York Department of Financial Services (NYDFS) that places cybersecurity requirements on all covered NY financial institutions | New York | Financial Services | Data Privacy & Cybersecurity | ||||
| New York Retail Worker Safety Act | All employee workplace violence prevention policy and prevention training program for companies in New York retail. | New York | Retail | Harassment, discrimination & retaliation | ||||
| OSHA | The Occupational Health and Safety Administration (OSHA) offers a set of regulations to ensure private sector and federal employers maintain a safe working environment. | United States | All | Labor Laws & Regulations | ||||
| PCI-DSS | PCI DSS is a set of security standards that protect credit card data. It requires businesses to follow strict rules to keep cardholder information safe. | United States | Financial Services | Data Privacy & Cybersecurity | ||||
| Sapin II | Sapin II mandates French companies and global corporations in France to prevent and detect corruption and influence peddling, both domestically and internationally. | France | All | Fraud, bribery & corruption | ||||
| Sarbanes-Oxley (SOX) | Sarbanes Oxley requires all publicly traded companies to report their internal accounting controls to the Securities and Exchange Commission (SEC), calling on the CEO and CFO to personally attest to the completion and accuracy of their records. | United States | All | Fraud, bribery & corruption | ||||
| Treasury Laws Amendment (Enhancing Whistleblower Protections) Bill 2017 | Consolidates and broadens existing protections and remedies for corporate and financial sector whistleblowers. | Australia | All | Whistleblowing & Incident Management | ||||
| UK Bribery Act | Requirements and rules around anti-bribery in the UK. It covers transactions that take place in the UK or abroad, and both in the public or private sectors. | United Kingdom | All | Fraud, bribery & corruption | ||||
| UK Modern Slavery Act | Stringent transparency requirements of anti-slavery, worker safety and to enhance protection for victims. | United Kingdom | All | Labor Laws & Regulations | ||||
| UK Worker Protection Act | Mandates stringent and proactive measures to safeguard employees from sexual harassment in the workplace | United Kingdom | All | Harassment, discrimination & retaliation | ||||
| US State-level Anti-harassment Laws | Evolving anti-harassment and worker protection laws in California, Connecticut, Delaware, Illinois and the city of Chicago, Maine, New York and New York City, Washington and Washington D.C., and more. | United States | - | All | Harassment, discrimination & retaliation |
Our regulatory compliance software can help you stay compliant with the most impactful legislation worldwide
With ever-changing guidelines and new regulations being introduced, getting compliance right can feel like hitting a moving target. Here’s what you need in your regulatory compliance management toolkit.
Regulatory compliance strategy
An understanding of what regulations, policies and obligations are applicable to your company, and a strategy for ongoing auditing, recording and reporting of exception events and corrective actions.
Integrated regulatory compliance software
Keeping track of frequently changing regulations is challenging. Manage compliance in a single platform that consolidates policy management, whistleblowing and incident management, employee training and more.
Automated regulatory compliance management
Automated regulatory compliance management streamlines processes by proactively notifying users of changing requirements and connecting insights across the platform. This reduces manual effort, minimizes errors and ensures compliance with evolving regulations.
Webinars
Join NAVEX for a webinar that explores how a proactive, preventative approach, powered by ethics and compliance training, policy management, and whistleblowing solutions, can help organizations …
View on demand
8 Apr 2025 Press release
NAVEX Releases New Supply Chain Due Diligence Course
Read the news
White Papers
A practical compliance guide for UK-based companies navigating new EU cybersecurity requirements under the NIS2 Directive and DORA.
Get the white paper
White Papers
This resource provides guidance on how to build an effective compliance program.
Get the white paper
25 Mar 2025 Press release
NAVEX has released its online interactive training program designed to help New York retailers comply with the newly enacted Retail Worker Safety Act.
Read the news
Datasheets
See the full range of full-length and short-form compliance training courses NAVEX offers in our comprehensive NAVEXEngage catalog.
Get the datasheet
Courses
Your supply chain impacts everything. Employees – and supply chain partners – need to understand the importance of this complex network of suppliers, manufacturers and distributors, and how to help …
Learn more about this course
4 Mar 2025 Bill Cameron
Read more
Courses
Being a manager is more than just having a job title. It is a responsibility. Managers are entrusted to uphold policies, support employees and set an example for doing business the right way. That’s …
Learn more about this course
Regulatory compliance software is a specialized tool designed to help organizations manage and adhere to industry-specific regulations. It differs from general compliance solutions by offering features tailored to the specific regulatory requirements of a given industry.
The software often includes features like near real-time regulatory updates, alerts and automated monitoring, helping organizations stay informed about changes in regulations that may impact their operations.
Many regulatory compliance solutions are configurable to meet the unique requirements of various industries. This allows organizations to tailor the software to their specific regulatory landscape.
Automation features help streamline compliance processes, such as document management, reporting and audit preparation. This reduces manual efforts, minimizes errors and ensures consistent adherence to regulations.
Regulatory compliance software provides tools for organizing and presenting relevant compliance data during audits. It helps ensure all necessary documentation is readily available, facilitating a smoother audit process.
Yes, many regulatory compliance solutions are designed to concurrently handle compliance with multiple regulations. They often provide a centralized platform for managing various regulatory requirements - like NAVEX One.
Security features typically include access controls, encryption and secure storage. Role-based access ensures only authorized personnel can view or modify sensitive compliance information.
The software may include risk assessment tools and dashboards that help organizations identify and evaluate compliance risks. It facilitates the development and implementation of strategies to mitigate these risks.
Yes, most solutions offer reporting functionalities that allow organizations to generate detailed compliance reports. These reports communicate compliance status to internal stakeholders, regulators and other relevant parties.
Some regulatory compliance solutions – like NAVEX One – include training modules and tracking features to ensure employees receive appropriate training on relevant regulations. This helps maintain a compliant and well-informed workforce.
With NAVEX One regulatory compliance software, you’ll comply with the laws, guidelines and agreements governing your organization.