[
{
"control_id": "A.5.1",
"control_name": "Policies for information security",
"regulation": "DSA",
"articles": ["14", "34"],
"coverage": "partial",
"notes": "Art 14 terms and conditions (T&C) policies, Art 34 very large online platform (VLOP) risk management policies"
},
{
"control_id": "A.5.2",
"control_name": "Information security roles and responsibilities",
"regulation": "DSA",
"articles": ["11", "41"],
"coverage": "full",
"notes": "Art 11 points of contact, Art 41 compliance officers for VLOPs"
},
{
"control_id": "A.5.31",
"control_name": "Legal, statutory, regulatory and contractual requirements",
"regulation": "DSA",
"articles": ["1", "2", "3"],
"coverage": "full",
"notes": "Art 1-3 define scope, liability exemptions, and territorial application"
},
{
"control_id": "A.5.35",
"control_name": "Independent review of information security",
"regulation": "DSA",
"articles": ["37"],
"coverage": "full",
"notes": "Art 37 requires independent audits for VLOPs at least annually"
},
{
"control_id": "A.6.8",
"control_name": "Information security event reporting",
"regulation": "DSA",
"articles": ["16", "18"],
"coverage": "full",
"notes": "Art 16 notice-and-action mechanism, Art 18 criminal offense reporting"
},
{
"control_id": "A.8.8",
"control_name": "Management of technical vulnerabilities",
"regulation": "DSA",
"articles": ["34", "35"],
"coverage": "partial",
"notes": "Art 34-35 VLOP assessment and mitigation of systemic risks"
},
{
"control_id": "A.8.16",
"control_name": "Monitoring activities",
"regulation": "DSA",
"articles": ["16", "34"],
"coverage": "full",
"notes": "Art 16 content monitoring for notices, Art 34 systemic risk monitoring"
}
]